Oracle Linux Automation Manager CLI and API Reference Guide

Update a Setting

put

/api/v2/settings/{category_slug}/

Make a PUT or PATCH request to this resource to update this setting. The following fields may be modified:

ACTIVITY_STREAM_ENABLED: Enable capturing activity for the activity stream. (boolean, required)
ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: Enable capturing activity for the activity stream when running inventory sync. (boolean, required)
ORG_ADMINS_CAN_SEE_ALL_USERS: Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization. (boolean, required)
MANAGE_ORGANIZATION_AUTH: Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration. (boolean, required)
TOWER_URL_BASE: This setting is used by services like notifications to render a valid url to the service. (string, required)
REMOTE_HOST_HEADERS: HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details. (list, required)
PROXY_IP_ALLOWED_LIST: If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally') (list, required)
CSRF_TRUSTED_ORIGINS: If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. (list, default=[])
REDHAT_USERNAME: This username is used to send data to Automation Analytics (string, default="")
REDHAT_PASSWORD: This password is used to send data to Automation Analytics (string, default="")
SUBSCRIPTIONS_USERNAME: This username is used to retrieve subscription and content information (string, default="")
SUBSCRIPTIONS_PASSWORD: This password is used to retrieve subscription and content information (string, default="")
AUTOMATION_ANALYTICS_URL: This setting is used to to configure the upload URL for data collection for Automation Analytics. (string, default="https://example.com")
DEFAULT_EXECUTION_ENVIRONMENT: The Execution Environment to be used when one has not been configured for a job template. (field, default=None)
CUSTOM_VENV_PATHS: Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line. (list, default=[])
AD_HOC_COMMANDS: List of modules allowed to be used by ad-hoc jobs. (list, default=['command', 'shell', 'yum', 'apt', 'apt_key', 'apt_repository', 'apt_rpm', 'service', 'group', 'user', 'mount', 'ping', 'selinux', 'setup', 'win_ping', 'win_service', 'win_updates', 'win_group', 'win_user'])
ALLOW_JINJA_IN_EXTRA_VARS: Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never". (choice, required)
- always: Always
- never: Never
- template: Only On Job Template Definitions (default)
AWX_ISOLATION_BASE_PATH: The directory in which the service will create new temporary directories for job execution and isolation (such as credential files). (string, required)
AWX_ISOLATION_SHOW_PATHS: List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. (list, default=[])
AWX_TASK_ENV: Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending. (nested object, default={})
AWX_RUNNER_KEEPALIVE_SECONDS: Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open. (integer, required)
GALAXY_TASK_ENV: Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git. (nested object, required)
INSIGHTS_TRACKING_STATE: Enables the service to gather data on automation and send it to Automation Analytics. (boolean, default=False)
PROJECT_UPDATE_VVV: Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates. (boolean, required)
AWX_ROLES_ENABLED: Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
AWX_COLLECTIONS_ENABLED: Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
AWX_SHOW_PLAYBOOK_LINKS: Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself. (boolean, default=False)
AWX_MOUNT_ISOLATED_PATHS_ON_K8S: Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. (boolean, default=False)
GALAXY_IGNORE_CERTS: If set to true, certificate validation will not be done when installing content from any Galaxy server. (boolean, default=False)
STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display before requiring the output be downloaded. (integer, required)
EVENT_STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. stdout will end with ??? when truncated. (integer, required)
MAX_WEBSOCKET_EVENT_RATE: Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit. (integer, default=30)
SCHEDULE_MAX_JOBS: Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created. (integer, required)
AWX_ANSIBLE_CALLBACK_PLUGINS: List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line. (list, default=[])
DEFAULT_JOB_TIMEOUT: Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this. (integer, default=0)
DEFAULT_JOB_IDLE_TIMEOUT: If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed. (integer, default=0)
DEFAULT_INVENTORY_UPDATE_TIMEOUT: Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this. (integer, default=0)
DEFAULT_PROJECT_UPDATE_TIMEOUT: Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this. (integer, default=0)
ANSIBLE_FACT_CACHE_TIMEOUT: Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed. (integer, default=0)
MAX_FORKS: Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied. (integer, default=200)
LOG_AGGREGATOR_HOST: Hostname/IP where external logs will be sent to. (string, default="")
LOG_AGGREGATOR_PORT: Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator). (integer, default=None)
LOG_AGGREGATOR_TYPE: Format messages for the chosen log aggregator. (choice)
- None: --------- (default)
- logstash
- splunk
- loggly
- sumologic
- other
LOG_AGGREGATOR_USERNAME: Username for external log aggregator (if required; HTTP/s only). (string, default="")
LOG_AGGREGATOR_PASSWORD: Password or authentication token for external log aggregator (if required; HTTP/s only). (string, default="")
LOG_AGGREGATOR_LOGGERS: List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics (list, default=['awx', 'activity_stream', 'job_events', 'system_tracking', 'broadcast_websocket'])
LOG_AGGREGATOR_INDIVIDUAL_FACTS: If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing. (boolean, default=False)
LOG_AGGREGATOR_ENABLED: Enable sending logs to external log aggregator. (boolean, default=False)
LOG_AGGREGATOR_TOWER_UUID: Useful to uniquely identify instances. (string, default="")
LOG_AGGREGATOR_PROTOCOL: Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname. (choice)
- https: HTTPS/HTTP (default)
- tcp: TCP
- udp: UDP
LOG_AGGREGATOR_TCP_TIMEOUT: Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols. (integer, default=5)
LOG_AGGREGATOR_VERIFY_CERT: Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection. (boolean, default=True)
LOG_AGGREGATOR_LEVEL: Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting) (choice)
- DEBUG
- INFO (default)
- WARNING
- ERROR
- CRITICAL
LOG_AGGREGATOR_ACTION_QUEUE_SIZE: Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5). (integer, default=131072)
LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB: Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH. (integer, default=1)
LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting. (string, default="/var/lib/awx")
LOG_AGGREGATOR_RSYSLOGD_DEBUG: Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation. (boolean, default=False)
API_400_ERROR_LOG_FORMAT: The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {<variable name>}. (string, default="status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}")
AUTOMATION_ANALYTICS_LAST_GATHER: (datetime, required)
AUTOMATION_ANALYTICS_LAST_ENTRIES: (string, default="")
AUTOMATION_ANALYTICS_GATHER_INTERVAL: Interval (in seconds) between data gathering. (integer, default=14400)
BULK_JOB_MAX_LAUNCH: Max jobs to allow bulk jobs to launch (integer, default=100)
BULK_HOST_MAX_CREATE: Max number of hosts to allow to be created in a single bulk action (integer, default=100)
BULK_HOST_MAX_DELETE: Max number of hosts to allow to be deleted in a single bulk action (integer, default=250)
UI_NEXT: Enable preview of new user interface. (boolean, default=False)
SUBSCRIPTION_USAGE_MODEL: (choice)
- "": Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting (default)
- unique_managed_hosts: Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes
CLEANUP_HOST_METRICS_LAST_TS: (datetime, required)
HOST_METRIC_SUMMARY_TASK_LAST_TS: (datetime, required)
AWX_CLEANUP_PATHS: Enable or Disable TMP Dir cleanup (boolean, default=True)
AWX_REQUEST_PROFILE: Debug web request python timing (boolean, default=False)
DEFAULT_CONTAINER_RUN_OPTIONS: List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug'] (list, default=['--network', 'slirp4netns:enable_ipv6=true'])
RECEPTOR_RELEASE_WORK: Release receptor work (boolean, default=True)
SESSION_COOKIE_AGE: Number of seconds that a user is inactive before they will need to login again. (integer, required)
SESSIONS_PER_USER: Maximum number of simultaneous logged in sessions a user may have. To disable enter -1. (integer, required)
DISABLE_LOCAL_AUTH: Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration. (boolean, required)
AUTH_BASIC_ENABLED: Enable HTTP Basic Auth for the API Browser. (boolean, required)
OAUTH2_PROVIDER: Dictionary for customizing OAuth 2 timeouts, available items are ACCESS_TOKEN_EXPIRE_SECONDS, the duration of access tokens in the number of seconds, AUTHORIZATION_CODE_EXPIRE_SECONDS, the duration of authorization codes in the number of seconds, and REFRESH_TOKEN_EXPIRE_SECONDS, the duration of refresh tokens, after expired access tokens, in the number of seconds. (nested object, default={'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000})
ALLOW_OAUTH2_FOR_EXTERNAL_USERS: For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off. (boolean, default=False)
LOGIN_REDIRECT_OVERRIDE: URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page. (string, default="")
ALLOW_METRICS_FOR_ANONYMOUS_USERS: If true, anonymous users are allowed to poll metrics. (boolean, default=False)
CUSTOM_LOGIN_INFO: If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported. (string, default="")
CUSTOM_LOGO: To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported. (string, default="")
MAX_UI_JOB_EVENTS: Maximum number of job events for the UI to retrieve within a single request. (integer, required)
UI_LIVE_UPDATES_ENABLED: If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details. (boolean, required)
SOCIAL_AUTH_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_USER_FIELDS: When set to an empty list [], this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login. (list, default=None)
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: Enabling this setting will tell social auth to use the full Email as username instead of the full name (boolean, default=False)
AUTH_LDAP_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_1_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_1_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_1_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_1_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_1_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_1_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_1_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_1_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_1_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_1_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_1_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_1_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_1_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_1_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_1_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_1_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_2_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_2_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_2_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_2_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_2_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_2_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_2_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_2_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_2_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_2_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_2_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_2_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_2_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_2_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_2_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_2_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_3_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_3_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_3_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_3_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_3_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_3_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_3_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_3_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_3_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_3_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_3_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_3_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_3_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_3_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_3_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_3_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_4_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_4_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_4_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_4_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_4_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_4_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_4_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_4_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_4_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_4_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_4_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_4_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_4_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_4_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_4_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_4_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_5_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
AUTH_LDAP_5_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
AUTH_LDAP_5_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
AUTH_LDAP_5_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
AUTH_LDAP_5_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
AUTH_LDAP_5_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
AUTH_LDAP_5_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
AUTH_LDAP_5_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
AUTH_LDAP_5_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
AUTH_LDAP_5_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
- PosixGroupType
- GroupOfNamesType
- GroupOfUniqueNamesType
- ActiveDirectoryGroupType
- OrganizationalRoleGroupType
- MemberDNGroupType (default)
- NestedGroupOfNamesType
- NestedGroupOfUniqueNamesType
- NestedActiveDirectoryGroupType
- NestedOrganizationalRoleGroupType
- NestedMemberDNGroupType
- PosixUIDGroupType
AUTH_LDAP_5_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
AUTH_LDAP_5_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
AUTH_LDAP_5_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
AUTH_LDAP_5_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
AUTH_LDAP_5_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
AUTH_LDAP_5_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
RADIUS_SERVER: Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty. (string, default="")
RADIUS_PORT: Port of RADIUS server. (integer, default=1812)
RADIUS_SECRET: Shared secret for authenticating to RADIUS server. (string, default="")
TACACSPLUS_HOST: Hostname of TACACS+ server. (string, default="")
TACACSPLUS_PORT: Port number of TACACS+ server. (integer, default=49)
TACACSPLUS_SECRET: Shared secret for authenticating to TACACS+ server. (string, default="")
TACACSPLUS_SESSION_TIMEOUT: TACACS+ session timeout value in seconds, 0 disables timeout. (integer, default=5)
TACACSPLUS_AUTH_PROTOCOL: Choose the authentication protocol used by TACACS+ client. (choice)
- ascii (default)
- pap
TACACSPLUS_REM_ADDR: Enable the client address sending by TACACS+ client. (boolean, default=False)
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: The OAuth2 key from your web application. (string, default="")
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: The OAuth2 secret from your web application. (string, default="")
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: Update this setting to restrict the domains who are allowed to login using Google OAuth2. (list, default=[])
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail. (nested object, default={})
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_KEY: The OAuth2 key (Client ID) from your GitHub developer application. (string, default="")
SOCIAL_AUTH_GITHUB_SECRET: The OAuth2 secret (Client Secret) from your GitHub developer application. (string, default="")
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ORG_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ORG_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ORG_NAME: The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/. (string, default="")
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_TEAM_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")
SOCIAL_AUTH_GITHUB_TEAM_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
SOCIAL_AUTH_GITHUB_TEAM_ID: Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. (string, default="")
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise developer application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. (string, default="")
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: The OAuth2 key (Client ID) from your Azure AD application. (string, default="")
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: The OAuth2 secret (Client Secret) from your Azure AD application. (string, default="")
SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_OIDC_KEY: The OIDC key (Client ID) from your IDP. (string, default="")
SOCIAL_AUTH_OIDC_SECRET: The OIDC secret (Client Secret) from your IDP. (string, default="")
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: The URL for your OIDC provider including the path up to /.well-known/openid-configuration (string, default="")
SOCIAL_AUTH_OIDC_VERIFY_SSL: Verify the OIDC provider ssl certificate. (boolean, default=True)
SAML_AUTO_CREATE_OBJECTS: When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login. (boolean, default=True)
SOCIAL_AUTH_SAML_SP_ENTITY_ID: The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service. (string, default="")
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: Create a keypair to use as a service provider (SP) and include the certificate content here. (string, required)
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: Create a keypair to use as a service provider (SP) and include the private key content here. (string, required)
SOCIAL_AUTH_SAML_ORG_INFO: Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax. (nested object, required)
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax. (nested object, required)
SOCIAL_AUTH_SAML_SUPPORT_CONTACT: Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax. (nested object, required)
SOCIAL_AUTH_SAML_ENABLED_IDPS: Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax. (nested object, default={})
SOCIAL_AUTH_SAML_SECURITY_CONFIG: A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings (nested object, default={'requestedAuthnContext': False})
SOCIAL_AUTH_SAML_SP_EXTRA: A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting. (nested object, default=None)
SOCIAL_AUTH_SAML_EXTRA_DATA: A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value. (list, default=None)
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_SAML_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: Used to translate user organization membership. (nested object, default={})
SOCIAL_AUTH_SAML_TEAM_ATTR: Used to translate user team membership. (nested object, default={})
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: Used to map super users and system auditors from SAML. (nested object, default={})
LOCAL_PASSWORD_MIN_LENGTH: Minimum number of characters required in a local password. 0 means no minimum (integer, default=0)
LOCAL_PASSWORD_MIN_DIGITS: Minimum number of digit characters required in a local password. 0 means no minimum (integer, default=0)
LOCAL_PASSWORD_MIN_UPPER: Minimum number of uppercase characters required in a local password. 0 means no minimum (integer, default=0)
LOCAL_PASSWORD_MIN_SPECIAL: Minimum number of special characters required in a local password. 0 means no minimum (integer, default=0)

For a PUT request, include all fields in the request.

Request

Supported Media Types

application/json

Path Parameters

category_slug(required): string

Root Schema : SettingSingleton

Type: object

Show Source

ACTIVITY_STREAM_ENABLED(required): boolean

Title: Enable Activity Stream

Default Value: true

Enable capturing activity for the activity stream.
ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC(required): boolean

Title: Enable Activity Stream for Inventory Sync

Enable capturing activity for the activity stream when running inventory sync.
AD_HOC_COMMANDS: array AD_HOC_COMMANDS

List of modules allowed to be used by ad-hoc jobs.
ALLOW_JINJA_IN_EXTRA_VARS(required): string

Title: When can extra variables contain Jinja templates?

Default Value: template

Allowed Values: [ "always", "never", "template" ]

Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
ALLOW_METRICS_FOR_ANONYMOUS_USERS: boolean

Title: Allow anonymous users to poll metrics

If true, anonymous users are allowed to poll metrics.
ALLOW_OAUTH2_FOR_EXTERNAL_USERS: boolean

Title: Allow External Users to Create OAuth2 Tokens

For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
ANSIBLE_FACT_CACHE_TIMEOUT: integer

Title: Per-Host Ansible Fact Cache Timeout

Minimum Value: 0

Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
API_400_ERROR_LOG_FORMAT: string

Title: Log Format For API 4XX Errors

Minimum Length: 1

Default Value: status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}

The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
AUTH_BASIC_ENABLED(required): boolean

Title: Enable HTTP Basic Auth

Default Value: true

Enable HTTP Basic Auth for the API Browser.
AUTH_LDAP_1_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_1_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_1_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_1_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_1_GROUP_SEARCH: array AUTH_LDAP_1_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_1_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_1_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_1_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_1_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_1_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_1_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_1_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_1_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_1_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_1_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_1_USER_SEARCH: array AUTH_LDAP_1_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_2_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_2_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_2_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_2_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_2_GROUP_SEARCH: array AUTH_LDAP_2_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_2_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_2_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_2_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_2_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_2_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_2_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_2_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_2_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_2_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_2_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_2_USER_SEARCH: array AUTH_LDAP_2_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_3_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_3_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_3_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_3_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_3_GROUP_SEARCH: array AUTH_LDAP_3_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_3_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_3_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_3_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_3_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_3_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_3_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_3_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_3_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_3_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_3_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_3_USER_SEARCH: array AUTH_LDAP_3_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_4_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_4_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_4_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_4_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_4_GROUP_SEARCH: array AUTH_LDAP_4_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_4_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_4_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_4_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_4_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_4_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_4_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_4_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_4_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_4_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_4_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_4_USER_SEARCH: array AUTH_LDAP_4_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_5_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_5_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_5_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_5_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_5_GROUP_SEARCH: array AUTH_LDAP_5_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_5_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_5_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_5_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_5_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_5_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_5_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_5_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_5_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_5_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_5_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_5_USER_SEARCH: array AUTH_LDAP_5_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_GROUP_SEARCH: array AUTH_LDAP_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_USER_SEARCH: array AUTH_LDAP_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTHENTICATION_BACKENDS: array AUTHENTICATION_BACKENDS

Read Only: true

List of authentication backends that are enabled based on license features and other authentication settings.
AUTOMATION_ANALYTICS_GATHER_INTERVAL: integer

Title: Automation Analytics Gather Interval

Minimum Value: 1800

Default Value: 14400

Interval (in seconds) between data gathering.
AUTOMATION_ANALYTICS_LAST_ENTRIES: string

Title: Last gathered entries from the data collection service of Automation Analytics
AUTOMATION_ANALYTICS_LAST_GATHER(required): string(date-time)

Title: Last gather date for Automation Analytics.
AUTOMATION_ANALYTICS_URL: string

Title: Automation Analytics upload URL

Minimum Length: 1

Default Value: https://example.com

This setting is used to to configure the upload URL for data collection for Automation Analytics.
AWX_ANSIBLE_CALLBACK_PLUGINS: array AWX_ANSIBLE_CALLBACK_PLUGINS

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
AWX_CLEANUP_PATHS: boolean

Title: Enable or Disable tmp dir cleanup

Default Value: true

Enable or Disable TMP Dir cleanup
AWX_COLLECTIONS_ENABLED: boolean

Title: Enable Collection(s) Download

Default Value: true

Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_ISOLATION_BASE_PATH(required): string

Title: Job execution path

Minimum Length: 1

Default Value: /tmp

The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
AWX_ISOLATION_SHOW_PATHS: array AWX_ISOLATION_SHOW_PATHS

List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
AWX_MOUNT_ISOLATED_PATHS_ON_K8S: boolean

Title: Expose host paths for Container Groups

Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible.
AWX_REQUEST_PROFILE: boolean

Title: Debug Web Requests

Debug web request python timing
AWX_ROLES_ENABLED: boolean

Title: Enable Role Download

Default Value: true

Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_RUNNER_KEEPALIVE_SECONDS(required): integer

Title: K8S Ansible Runner Keep-Alive Message Interval

Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.
AWX_SHOW_PLAYBOOK_LINKS: boolean

Title: Follow symlinks

Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.
AWX_TASK_ENV: object Extra Environment Variables

Title: Extra Environment Variables

Additional Properties Allowed: additionalProperties

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
BULK_HOST_MAX_CREATE: integer

Title: Max number of hosts to allow to be created in a single bulk action

Default Value: 100

Max number of hosts to allow to be created in a single bulk action
BULK_HOST_MAX_DELETE: integer

Title: Max number of hosts to allow to be deleted in a single bulk action

Default Value: 250

Max number of hosts to allow to be deleted in a single bulk action
BULK_JOB_MAX_LAUNCH: integer

Title: Max jobs to allow bulk jobs to launch

Default Value: 100

Max jobs to allow bulk jobs to launch
CLEANUP_HOST_METRICS_LAST_TS(required): string(date-time)

Title: Last cleanup date for HostMetrics
CSRF_TRUSTED_ORIGINS: array CSRF_TRUSTED_ORIGINS

If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
CUSTOM_LOGIN_INFO: string

Title: Custom Login Info

If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
CUSTOM_LOGO: string

Title: Custom Logo

To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
CUSTOM_VENV_PATHS: array CUSTOM_VENV_PATHS

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
DEFAULT_CONTAINER_RUN_OPTIONS: array DEFAULT_CONTAINER_RUN_OPTIONS

List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
DEFAULT_CONTROL_PLANE_QUEUE_NAME: string

Title: The instance group where control plane tasks run

Read Only: true

Minimum Length: 1

Default Value: controlplane
DEFAULT_EXECUTION_ENVIRONMENT: integer

Title: Global default execution environment

The Execution Environment to be used when one has not been configured for a job template.
DEFAULT_EXECUTION_QUEUE_NAME: string

Title: The instance group where user jobs run (currently only on non-VM installs)

Read Only: true

Minimum Length: 1

Default Value: default
DEFAULT_INVENTORY_UPDATE_TIMEOUT: integer

Title: Default Inventory Update Timeout

Minimum Value: 0

Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
DEFAULT_JOB_IDLE_TIMEOUT: integer

Title: Default Job Idle Timeout

Minimum Value: 0

If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.
DEFAULT_JOB_TIMEOUT: integer

Title: Default Job Timeout

Minimum Value: 0

Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
DEFAULT_PROJECT_UPDATE_TIMEOUT: integer

Title: Default Project Update Timeout

Minimum Value: 0

Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
DISABLE_LOCAL_AUTH(required): boolean

Title: Disable the built-in authentication system

Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
EVENT_STDOUT_MAX_BYTES_DISPLAY(required): integer

Title: Job Event Standard Output Maximum Display Size

Minimum Value: 0

Default Value: 1024

Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
GALAXY_IGNORE_CERTS: boolean

Title: Ignore Ansible Galaxy SSL Certificate Verification

If set to true, certificate validation will not be done when installing content from any Galaxy server.
GALAXY_TASK_ENV(required): object Environment Variables for Galaxy Commands

Title: Environment Variables for Galaxy Commands

Additional Properties Allowed: additionalProperties

Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
HOST_METRIC_SUMMARY_TASK_LAST_TS(required): string(date-time)

Title: Last computing date of HostMetricSummaryMonthly
INSIGHTS_TRACKING_STATE: boolean

Title: Gather data for Automation Analytics

Enables the service to gather data on automation and send it to Automation Analytics.
INSTALL_UUID: string

Title: Unique identifier for an installation

Read Only: true

Minimum Length: 1

Default Value: 00000000-0000-0000-0000-000000000000
IS_K8S: boolean

Title: Is k8s

Read Only: true

Indicates whether the instance is part of a kubernetes-based deployment.
LICENSE: object License

Title: License

Read Only: true

Additional Properties Allowed: additionalProperties

The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
LOCAL_PASSWORD_MIN_DIGITS: integer

Title: Minimum number of digit characters in local password

Minimum Value: 0

Minimum number of digit characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_LENGTH: integer

Title: Minimum number of characters in local password

Minimum Value: 0

Minimum number of characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_SPECIAL: integer

Title: Minimum number of special characters in local password

Minimum Value: 0

Minimum number of special characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_UPPER: integer

Title: Minimum number of uppercase characters in local password

Minimum Value: 0

Minimum number of uppercase characters required in a local password. 0 means no minimum
LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB: integer

Title: Maximum disk persistence for rsyslogd action queuing (in GB)

Minimum Value: 1

Default Value: 1

Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.
LOG_AGGREGATOR_ACTION_QUEUE_SIZE: integer

Title: Maximum number of messages that can be stored in the log action queue

Minimum Value: 1

Default Value: 131072

Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).
LOG_AGGREGATOR_ENABLED: boolean

Title: Enable External Logging

Enable sending logs to external log aggregator.
LOG_AGGREGATOR_HOST: string

Title: Logging Aggregator

Minimum Length: 1

Hostname/IP where external logs will be sent to.
LOG_AGGREGATOR_INDIVIDUAL_FACTS: boolean

Title: Log System Tracking Facts Individually

If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
LOG_AGGREGATOR_LEVEL: string

Title: Logging Aggregator Level Threshold

Default Value: INFO

Allowed Values: [ "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" ]

Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
LOG_AGGREGATOR_LOGGERS: array LOG_AGGREGATOR_LOGGERS

List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: string

Title: File system location for rsyslogd disk persistence

Minimum Length: 1

Default Value: /var/lib/awx

Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
LOG_AGGREGATOR_PASSWORD: string

Title: Logging Aggregator Password/Token

Password or authentication token for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_PORT: integer

Title: Logging Aggregator Port

Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
LOG_AGGREGATOR_PROTOCOL: string

Title: Logging Aggregator Protocol

Default Value: https

Allowed Values: [ "https", "tcp", "udp" ]

Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
LOG_AGGREGATOR_RSYSLOGD_DEBUG: boolean

Title: Enable rsyslogd debugging

Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
LOG_AGGREGATOR_TCP_TIMEOUT: integer

Title: TCP Connection Timeout

Default Value: 5

Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
LOG_AGGREGATOR_TOWER_UUID: string

Title: Cluster-wide unique identifier.

Useful to uniquely identify instances.
LOG_AGGREGATOR_TYPE: string

Title: Logging Aggregator Type

Allowed Values: [ "logstash", "splunk", "loggly", "sumologic", "other" ]

Format messages for the chosen log aggregator.
LOG_AGGREGATOR_USERNAME: string

Title: Logging Aggregator Username

Username for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_VERIFY_CERT: boolean

Title: Enable/disable HTTPS certificate verification

Default Value: true

Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
LOGIN_REDIRECT_OVERRIDE: string

Title: Login redirect override URL

URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
MANAGE_ORGANIZATION_AUTH(required): boolean

Title: Organization Admins Can Manage Users and Teams

Default Value: true

Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
MAX_FORKS: integer

Title: Maximum number of forks per job

Default Value: 200

Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
MAX_UI_JOB_EVENTS(required): integer

Title: Max Job Events Retrieved by UI

Minimum Value: 100

Default Value: 4000

Maximum number of job events for the UI to retrieve within a single request.
MAX_WEBSOCKET_EVENT_RATE: integer

Title: Job Event Maximum Websocket Messages Per Second

Minimum Value: 0

Default Value: 30

Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
OAUTH2_PROVIDER: object OAuth 2 Timeout Settings

Title: OAuth 2 Timeout Settings

Additional Properties Allowed: additionalProperties

Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
ORG_ADMINS_CAN_SEE_ALL_USERS(required): boolean

Title: All Users Visible to Organization Admins

Default Value: true

Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
PENDO_TRACKING_STATE: string

Title: User Analytics Tracking State

Read Only: true

Default Value: off

Allowed Values: [ "off", "anonymous", "detailed" ]

Enable or Disable User Analytics Tracking.
PROJECT_UPDATE_VVV(required): boolean

Title: Run Project Updates With Higher Verbosity

Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
PROXY_IP_ALLOWED_LIST(required): array PROXY_IP_ALLOWED_LIST

If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
RADIUS_PORT: integer

Title: RADIUS Port

Minimum Value: 1

Maximum Value: 65535

Default Value: 1812

Port of RADIUS server.
RADIUS_SECRET: string

Title: RADIUS Secret

Shared secret for authenticating to RADIUS server.
RADIUS_SERVER: string

Title: RADIUS Server

Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
RECEPTOR_NO_SIG: boolean

Title: Receptor no sig

Read Only: true

Default Value: true

Indicates whether signatures for receptor work requests should be enforced.
RECEPTOR_RELEASE_WORK: boolean

Title: Release Receptor Work

Default Value: true

Release receptor work
REDHAT_PASSWORD: string

Title: Red Hat customer password

This password is used to send data to Automation Analytics
REDHAT_USERNAME: string

Title: Red Hat customer username

This username is used to send data to Automation Analytics
REMOTE_HOST_HEADERS(required): array REMOTE_HOST_HEADERS

HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
SAML_AUTO_CREATE_OBJECTS: boolean

Title: Automatically Create Organizations and Teams on SAML Login

Default Value: true

When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
SCHEDULE_MAX_JOBS(required): integer

Title: Maximum Scheduled Jobs

Minimum Value: 1

Default Value: 10

Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
SESSION_COOKIE_AGE(required): integer

Title: Idle Time Force Log Out

Minimum Value: 60

Maximum Value: 30000000000

Default Value: 1800

Number of seconds that a user is inactive before they will need to login again.
SESSIONS_PER_USER(required): integer

Title: Maximum number of simultaneous logged in sessions

Minimum Value: -1

Default Value: -1

Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL: string

Title: Azure AD OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/azuread-oauth2/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: string

Title: Azure AD OAuth2 Key

The OAuth2 key (Client ID) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: object Azure AD OAuth2 Organization Map

Title: Azure AD OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: string

Title: Azure AD OAuth2 Secret

The OAuth2 secret (Client Secret) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: object Azure AD OAuth2 Team Map

Title: Azure AD OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_CALLBACK_URL: string

Title: GitHub OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: string

Title: GitHub Enterprise API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL: string

Title: GitHub Enterprise OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: string

Title: GitHub Enterprise OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: string

Title: GitHub Enterprise Organization API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL: string

Title: GitHub Enterprise Organization OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise-org/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: string

Title: GitHub Enterprise Organization OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: string

Title: GitHub Enterprise Organization Name

The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: object GitHub Enterprise Organization OAuth2 Organization Map

Title: GitHub Enterprise Organization OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: string

Title: GitHub Enterprise Organization OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: object GitHub Enterprise Organization OAuth2 Team Map

Title: GitHub Enterprise Organization OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: string

Title: GitHub Enterprise Organization URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: object GitHub Enterprise OAuth2 Organization Map

Title: GitHub Enterprise OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: string

Title: GitHub Enterprise OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: string

Title: GitHub Enterprise Team API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL: string

Title: GitHub Enterprise Team OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise-team/

Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: string

Title: GitHub Enterprise Team ID

Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: string

Title: GitHub Enterprise Team OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: object GitHub Enterprise OAuth2 Team Map

Title: GitHub Enterprise OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: object GitHub Enterprise Team OAuth2 Organization Map

Title: GitHub Enterprise Team OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: string

Title: GitHub Enterprise Team OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: object GitHub Enterprise Team OAuth2 Team Map

Title: GitHub Enterprise Team OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: string

Title: GitHub Enterprise Team URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: string

Title: GitHub Enterprise URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_KEY: string

Title: GitHub OAuth2 Key

The OAuth2 key (Client ID) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL: string

Title: GitHub Organization OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-org/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ORG_KEY: string

Title: GitHub Organization OAuth2 Key

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_NAME: string

Title: GitHub Organization Name

The name of your GitHub organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: object GitHub Organization OAuth2 Organization Map

Title: GitHub Organization OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORG_SECRET: string

Title: GitHub Organization OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: object GitHub Organization OAuth2 Team Map

Title: GitHub Organization OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: object GitHub OAuth2 Organization Map

Title: GitHub OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_SECRET: string

Title: GitHub OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL: string

Title: GitHub Team OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-team/

Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
SOCIAL_AUTH_GITHUB_TEAM_ID: string

Title: GitHub Team ID

Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_TEAM_KEY: string

Title: GitHub Team OAuth2 Key

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_MAP: object GitHub OAuth2 Team Map

Title: GitHub OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: object GitHub Team OAuth2 Organization Map

Title: GitHub Team OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_SECRET: string

Title: GitHub Team OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: object GitHub Team OAuth2 Team Map

Title: GitHub Team OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: object Google OAuth2 Extra Arguments

Title: Google OAuth2 Extra Arguments

Additional Properties Allowed: additionalProperties

Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL: string

Title: Google OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/google-oauth2/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: string

Title: Google OAuth2 Key

The OAuth2 key from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: object Google OAuth2 Organization Map

Title: Google OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: string

Title: Google OAuth2 Secret

The OAuth2 secret from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: object Google OAuth2 Team Map

Title: Google OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: array SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Update this setting to restrict the domains who are allowed to login using Google OAuth2.
SOCIAL_AUTH_OIDC_KEY: string

Title: OIDC Key

Minimum Length: 1

The OIDC key (Client ID) from your IDP.
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: string

Title: OIDC Provider URL

The URL for your OIDC provider including the path up to /.well-known/openid-configuration
SOCIAL_AUTH_OIDC_SECRET: string

Title: OIDC Secret

The OIDC secret (Client Secret) from your IDP.
SOCIAL_AUTH_OIDC_VERIFY_SSL: boolean

Title: Verify OIDC Provider Certificate

Default Value: true

Verify the OIDC provider ssl certificate.
SOCIAL_AUTH_ORGANIZATION_MAP: object Social Auth Organization Map

Title: Social Auth Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_CALLBACK_URL: string

Title: SAML Assertion Consumer Service (ACS) URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/saml/

Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.
SOCIAL_AUTH_SAML_ENABLED_IDPS: object SAML Enabled Identity Providers

Title: SAML Enabled Identity Providers

Additional Properties Allowed: additionalProperties

Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
SOCIAL_AUTH_SAML_EXTRA_DATA: array SOCIAL_AUTH_SAML_EXTRA_DATA

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
SOCIAL_AUTH_SAML_METADATA_URL: string

Title: SAML Service Provider Metadata URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/metadata/saml/

If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.
SOCIAL_AUTH_SAML_ORG_INFO(required): object SAML Service Provider Organization Info

Title: SAML Service Provider Organization Info

Additional Properties Allowed: additionalProperties

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: object SAML Organization Attribute Mapping

Title: SAML Organization Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to translate user organization membership.
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: object SAML Organization Map

Title: SAML Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_SECURITY_CONFIG: object SAML Security Config

Title: SAML Security Config

Additional Properties Allowed: additionalProperties

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
SOCIAL_AUTH_SAML_SP_ENTITY_ID: string

Title: SAML Service Provider Entity ID

The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
SOCIAL_AUTH_SAML_SP_EXTRA: object SAML Service Provider extra configuration data

Title: SAML Service Provider extra configuration data

Additional Properties Allowed: additionalProperties

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY(required): string

Title: SAML Service Provider Private Key

Create a keypair to use as a service provider (SP) and include the private key content here.
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT(required): string

Title: SAML Service Provider Public Certificate

Create a keypair to use as a service provider (SP) and include the certificate content here.
SOCIAL_AUTH_SAML_SUPPORT_CONTACT(required): object SAML Service Provider Support Contact

Title: SAML Service Provider Support Contact

Additional Properties Allowed: additionalProperties

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_TEAM_ATTR: object SAML Team Attribute Mapping

Title: SAML Team Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to translate user team membership.
SOCIAL_AUTH_SAML_TEAM_MAP: object SAML Team Map

Title: SAML Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT(required): object SAML Service Provider Technical Contact

Title: SAML Service Provider Technical Contact

Additional Properties Allowed: additionalProperties

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: object SAML User Flags Attribute Mapping

Title: SAML User Flags Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to map super users and system auditors from SAML.
SOCIAL_AUTH_TEAM_MAP: object Social Auth Team Map

Title: Social Auth Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_USER_FIELDS: array SOCIAL_AUTH_USER_FIELDS

When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: boolean

Title: Use Email address for usernames

Enabling this setting will tell social auth to use the full Email as username instead of the full name
STDOUT_MAX_BYTES_DISPLAY(required): integer

Title: Standard Output Maximum Display Size

Minimum Value: 0

Default Value: 1048576

Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
SUBSCRIPTION_USAGE_MODEL: string

Title: Defines subscription usage model and shows Host Metrics

Allowed Values: [ "", "unique_managed_hosts" ]
SUBSCRIPTIONS_PASSWORD: string

Title: Red Hat or Satellite password

This password is used to retrieve subscription and content information
SUBSCRIPTIONS_USERNAME: string

Title: Red Hat or Satellite username

This username is used to retrieve subscription and content information
TACACSPLUS_AUTH_PROTOCOL: string

Title: TACACS+ Authentication Protocol

Default Value: ascii

Allowed Values: [ "ascii", "pap" ]

Choose the authentication protocol used by TACACS+ client.
TACACSPLUS_HOST: string

Title: TACACS+ Server

Hostname of TACACS+ server.
TACACSPLUS_PORT: integer

Title: TACACS+ Port

Minimum Value: 1

Maximum Value: 65535

Default Value: 49

Port number of TACACS+ server.
TACACSPLUS_REM_ADDR: boolean

Title: TACACS+ client address sending enabled

Enable the client address sending by TACACS+ client.
TACACSPLUS_SECRET: string

Title: TACACS+ Secret

Shared secret for authenticating to TACACS+ server.
TACACSPLUS_SESSION_TIMEOUT: integer

Title: TACACS+ Auth Session Timeout

Minimum Value: 0

Default Value: 5

TACACS+ session timeout value in seconds, 0 disables timeout.
TOWER_URL_BASE(required): string

Title: Base URL of the service

Minimum Length: 1

Default Value: https://olamhost

This setting is used by services like notifications to render a valid url to the service.
UI_LIVE_UPDATES_ENABLED(required): boolean

Title: Enable Live Updates in the UI

Default Value: true

If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
UI_NEXT: boolean

Title: Enable Preview of New User Interface

Enable preview of new user interface.

{
    "properties":{
        "ACTIVITY_STREAM_ENABLED":{
            "default":true,
            "description":"Enable capturing activity for the activity stream.",
            "title":"Enable Activity Stream",
            "type":"boolean"
        },
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC":{
            "description":"Enable capturing activity for the activity stream when running inventory sync.",
            "title":"Enable Activity Stream for Inventory Sync",
            "type":"boolean"
        },
        "AD_HOC_COMMANDS":{
            "default":[
                "command",
                "shell",
                "yum",
                "apt",
                "apt_key",
                "apt_repository",
                "apt_rpm",
                "service",
                "group",
                "user",
                "mount",
                "ping",
                "selinux",
                "setup",
                "win_ping",
                "win_service",
                "win_updates",
                "win_group",
                "win_user"
            ],
            "description":"List of modules allowed to be used by ad-hoc jobs.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "ALLOW_JINJA_IN_EXTRA_VARS":{
            "default":"template",
            "description":"Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.  It is recommended that this value be set to \"template\" or \"never\".",
            "enum":[
                "always",
                "never",
                "template"
            ],
            "title":"When can extra variables contain Jinja templates?",
            "type":"string"
        },
        "ALLOW_METRICS_FOR_ANONYMOUS_USERS":{
            "description":"If true, anonymous users are allowed to poll metrics.",
            "title":"Allow anonymous users to poll metrics",
            "type":"boolean"
        },
        "ALLOW_OAUTH2_FOR_EXTERNAL_USERS":{
            "description":"For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
            "title":"Allow External Users to Create OAuth2 Tokens",
            "type":"boolean"
        },
        "ANSIBLE_FACT_CACHE_TIMEOUT":{
            "description":"Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
            "minimum":"0",
            "title":"Per-Host Ansible Fact Cache Timeout",
            "type":"integer"
        },
        "API_400_ERROR_LOG_FORMAT":{
            "default":"status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
            "description":"The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {<variable name>}.",
            "minLength":"1",
            "title":"Log Format For API 4XX Errors",
            "type":"string"
        },
        "AUTHENTICATION_BACKENDS":{
            "default":[
                "awx.sso.backends.TACACSPlusBackend",
                "awx.main.backends.AWXModelBackend"
            ],
            "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "readOnly":true,
            "type":"array"
        },
        "AUTH_BASIC_ENABLED":{
            "default":true,
            "description":"Enable HTTP Basic Auth for the API Browser.",
            "title":"Enable HTTP Basic Auth",
            "type":"boolean"
        },
        "AUTH_LDAP_1_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_1_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_1_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_1_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_1_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_1_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_1_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_1_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_1_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_1_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_2_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_2_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_2_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_2_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_2_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_2_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_3_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_3_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_3_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_3_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_3_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_3_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_3_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_3_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_4_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_4_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_4_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_4_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_4_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_4_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_4_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_4_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_5_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_5_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_5_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_5_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_5_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_5_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_5_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_5_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTOMATION_ANALYTICS_GATHER_INTERVAL":{
            "default":"14400",
            "description":"Interval (in seconds) between data gathering.",
            "minimum":"1800",
            "title":"Automation Analytics Gather Interval",
            "type":"integer"
        },
        "AUTOMATION_ANALYTICS_LAST_ENTRIES":{
            "title":"Last gathered entries from the data collection service of Automation Analytics",
            "type":"string"
        },
        "AUTOMATION_ANALYTICS_LAST_GATHER":{
            "format":"date-time",
            "title":"Last gather date for Automation Analytics.",
            "type":"string",
            "x-nullable":true
        },
        "AUTOMATION_ANALYTICS_URL":{
            "default":"https://example.com",
            "description":"This setting is used to to configure the upload URL for data collection for Automation Analytics.",
            "minLength":"1",
            "title":"Automation Analytics upload URL",
            "type":"string"
        },
        "AWX_ANSIBLE_CALLBACK_PLUGINS":{
            "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_CLEANUP_PATHS":{
            "default":true,
            "description":"Enable or Disable TMP Dir cleanup",
            "title":"Enable or Disable tmp dir cleanup",
            "type":"boolean"
        },
        "AWX_COLLECTIONS_ENABLED":{
            "default":true,
            "description":"Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Collection(s) Download",
            "type":"boolean"
        },
        "AWX_ISOLATION_BASE_PATH":{
            "default":"/tmp",
            "description":"The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
            "minLength":"1",
            "title":"Job execution path",
            "type":"string"
        },
        "AWX_ISOLATION_SHOW_PATHS":{
            "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_MOUNT_ISOLATED_PATHS_ON_K8S":{
            "description":"Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
            "title":"Expose host paths for Container Groups",
            "type":"boolean"
        },
        "AWX_REQUEST_PROFILE":{
            "description":"Debug web request python timing",
            "title":"Debug Web Requests",
            "type":"boolean"
        },
        "AWX_ROLES_ENABLED":{
            "default":true,
            "description":"Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Role Download",
            "type":"boolean"
        },
        "AWX_RUNNER_KEEPALIVE_SECONDS":{
            "description":"Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
            "title":"K8S Ansible Runner Keep-Alive Message Interval",
            "type":"integer"
        },
        "AWX_SHOW_PLAYBOOK_LINKS":{
            "description":"Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
            "title":"Follow symlinks",
            "type":"boolean"
        },
        "AWX_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
            "title":"Extra Environment Variables",
            "type":"object"
        },
        "BULK_HOST_MAX_CREATE":{
            "default":"100",
            "description":"Max number of hosts to allow to be created in a single bulk action",
            "title":"Max number of hosts to allow to be created in a single bulk action",
            "type":"integer"
        },
        "BULK_HOST_MAX_DELETE":{
            "default":"250",
            "description":"Max number of hosts to allow to be deleted in a single bulk action",
            "title":"Max number of hosts to allow to be deleted in a single bulk action",
            "type":"integer"
        },
        "BULK_JOB_MAX_LAUNCH":{
            "default":"100",
            "description":"Max jobs to allow bulk jobs to launch",
            "title":"Max jobs to allow bulk jobs to launch",
            "type":"integer"
        },
        "CLEANUP_HOST_METRICS_LAST_TS":{
            "format":"date-time",
            "title":"Last cleanup date for HostMetrics",
            "type":"string",
            "x-nullable":true
        },
        "CSRF_TRUSTED_ORIGINS":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "CUSTOM_LOGIN_INFO":{
            "description":"If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
            "title":"Custom Login Info",
            "type":"string"
        },
        "CUSTOM_LOGO":{
            "description":"To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
            "title":"Custom Logo",
            "type":"string"
        },
        "CUSTOM_VENV_PATHS":{
            "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTAINER_RUN_OPTIONS":{
            "default":[
                "--network",
                "slirp4netns:enable_ipv6=true"
            ],
            "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTROL_PLANE_QUEUE_NAME":{
            "default":"controlplane",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where control plane tasks run",
            "type":"string"
        },
        "DEFAULT_EXECUTION_ENVIRONMENT":{
            "description":"The Execution Environment to be used when one has not been configured for a job template.",
            "title":"Global default execution environment",
            "type":"integer",
            "x-nullable":true
        },
        "DEFAULT_EXECUTION_QUEUE_NAME":{
            "default":"default",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where user jobs run (currently only on non-VM installs)",
            "type":"string"
        },
        "DEFAULT_INVENTORY_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
            "minimum":"0",
            "title":"Default Inventory Update Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_IDLE_TIMEOUT":{
            "description":"If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
            "minimum":"0",
            "title":"Default Job Idle Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_TIMEOUT":{
            "description":"Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
            "minimum":"0",
            "title":"Default Job Timeout",
            "type":"integer"
        },
        "DEFAULT_PROJECT_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
            "minimum":"0",
            "title":"Default Project Update Timeout",
            "type":"integer"
        },
        "DISABLE_LOCAL_AUTH":{
            "description":"Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
            "title":"Disable the built-in authentication system",
            "type":"boolean"
        },
        "EVENT_STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1024",
            "description":"Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.",
            "minimum":"0",
            "title":"Job Event Standard Output Maximum Display Size",
            "type":"integer"
        },
        "GALAXY_IGNORE_CERTS":{
            "description":"If set to true, certificate validation will not be done when installing content from any Galaxy server.",
            "title":"Ignore Ansible Galaxy SSL Certificate Verification",
            "type":"boolean"
        },
        "GALAXY_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "default":{
                "ANSIBLE_FORCE_COLOR":"false",
                "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
            },
            "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
            "title":"Environment Variables for Galaxy Commands",
            "type":"object"
        },
        "HOST_METRIC_SUMMARY_TASK_LAST_TS":{
            "format":"date-time",
            "title":"Last computing date of HostMetricSummaryMonthly",
            "type":"string",
            "x-nullable":true
        },
        "INSIGHTS_TRACKING_STATE":{
            "description":"Enables the service to gather data on automation and send it to Automation Analytics.",
            "title":"Gather data for Automation Analytics",
            "type":"boolean"
        },
        "INSTALL_UUID":{
            "default":"00000000-0000-0000-0000-000000000000",
            "minLength":"1",
            "readOnly":true,
            "title":"Unique identifier for an installation",
            "type":"string"
        },
        "IS_K8S":{
            "description":"Indicates whether the instance is part of a kubernetes-based deployment.",
            "readOnly":true,
            "title":"Is k8s",
            "type":"boolean"
        },
        "LICENSE":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
            "readOnly":true,
            "title":"License",
            "type":"object"
        },
        "LOCAL_PASSWORD_MIN_DIGITS":{
            "description":"Minimum number of digit characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of digit characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_LENGTH":{
            "description":"Minimum number of characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_SPECIAL":{
            "description":"Minimum number of special characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of special characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_UPPER":{
            "description":"Minimum number of uppercase characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of uppercase characters in local password",
            "type":"integer"
        },
        "LOGIN_REDIRECT_OVERRIDE":{
            "description":"URL to which unauthorized users will be redirected to log in.  If blank, users will be sent to the login page.",
            "title":"Login redirect override URL",
            "type":"string"
        },
        "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB":{
            "default":"1",
            "description":"Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
            "minimum":"1",
            "title":"Maximum disk persistence for rsyslogd action queuing (in GB)",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ACTION_QUEUE_SIZE":{
            "default":"131072",
            "description":"Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).",
            "minimum":"1",
            "title":"Maximum number of messages that can be stored in the log action queue",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ENABLED":{
            "description":"Enable sending logs to external log aggregator.",
            "title":"Enable External Logging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_HOST":{
            "description":"Hostname/IP where external logs will be sent to.",
            "minLength":"1",
            "title":"Logging Aggregator",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_INDIVIDUAL_FACTS":{
            "description":"If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
            "title":"Log System Tracking Facts Individually",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_LEVEL":{
            "default":"INFO",
            "description":"Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
            "enum":[
                "DEBUG",
                "INFO",
                "WARNING",
                "ERROR",
                "CRITICAL"
            ],
            "title":"Logging Aggregator Level Threshold",
            "type":"string"
        },
        "LOG_AGGREGATOR_LOGGERS":{
            "default":[
                "awx",
                "activity_stream",
                "job_events",
                "system_tracking",
                "broadcast_websocket"
            ],
            "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH":{
            "default":"/var/lib/awx",
            "description":"Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
            "minLength":"1",
            "title":"File system location for rsyslogd disk persistence",
            "type":"string"
        },
        "LOG_AGGREGATOR_PASSWORD":{
            "description":"Password or authentication token for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Password/Token",
            "type":"string"
        },
        "LOG_AGGREGATOR_PORT":{
            "description":"Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
            "title":"Logging Aggregator Port",
            "type":"integer",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_PROTOCOL":{
            "default":"https",
            "description":"Protocol used to communicate with log aggregator.  HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
            "enum":[
                "https",
                "tcp",
                "udp"
            ],
            "title":"Logging Aggregator Protocol",
            "type":"string"
        },
        "LOG_AGGREGATOR_RSYSLOGD_DEBUG":{
            "description":"Enabled high verbosity debugging for rsyslogd.  Useful for debugging connection issues for external log aggregation.",
            "title":"Enable rsyslogd debugging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_TCP_TIMEOUT":{
            "default":"5",
            "description":"Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
            "title":"TCP Connection Timeout",
            "type":"integer"
        },
        "LOG_AGGREGATOR_TOWER_UUID":{
            "description":"Useful to uniquely identify instances.",
            "title":"Cluster-wide unique identifier.",
            "type":"string"
        },
        "LOG_AGGREGATOR_TYPE":{
            "description":"Format messages for the chosen log aggregator.",
            "enum":[
                "logstash",
                "splunk",
                "loggly",
                "sumologic",
                "other"
            ],
            "title":"Logging Aggregator Type",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_USERNAME":{
            "description":"Username for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Username",
            "type":"string"
        },
        "LOG_AGGREGATOR_VERIFY_CERT":{
            "default":true,
            "description":"Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
            "title":"Enable/disable HTTPS certificate verification",
            "type":"boolean"
        },
        "MANAGE_ORGANIZATION_AUTH":{
            "default":true,
            "description":"Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
            "title":"Organization Admins Can Manage Users and Teams",
            "type":"boolean"
        },
        "MAX_FORKS":{
            "default":"200",
            "description":"Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
            "title":"Maximum number of forks per job",
            "type":"integer"
        },
        "MAX_UI_JOB_EVENTS":{
            "default":"4000",
            "description":"Maximum number of job events for the UI to retrieve within a single request.",
            "minimum":"100",
            "title":"Max Job Events Retrieved by UI",
            "type":"integer"
        },
        "MAX_WEBSOCKET_EVENT_RATE":{
            "default":"30",
            "description":"Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
            "minimum":"0",
            "title":"Job Event Maximum Websocket Messages Per Second",
            "type":"integer"
        },
        "OAUTH2_PROVIDER":{
            "additionalProperties":{
                "minimum":"1",
                "type":"integer"
            },
            "default":{
                "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
                "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
                "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
            },
            "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
            "title":"OAuth 2 Timeout Settings",
            "type":"object"
        },
        "ORG_ADMINS_CAN_SEE_ALL_USERS":{
            "default":true,
            "description":"Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
            "title":"All Users Visible to Organization Admins",
            "type":"boolean"
        },
        "PENDO_TRACKING_STATE":{
            "default":"off",
            "description":"Enable or Disable User Analytics Tracking.",
            "enum":[
                "off",
                "anonymous",
                "detailed"
            ],
            "readOnly":true,
            "title":"User Analytics Tracking State",
            "type":"string"
        },
        "PROJECT_UPDATE_VVV":{
            "description":"Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
            "title":"Run Project Updates With Higher Verbosity",
            "type":"boolean"
        },
        "PROXY_IP_ALLOWED_LIST":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "RADIUS_PORT":{
            "default":"1812",
            "description":"Port of RADIUS server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"RADIUS Port",
            "type":"integer"
        },
        "RADIUS_SECRET":{
            "description":"Shared secret for authenticating to RADIUS server.",
            "title":"RADIUS Secret",
            "type":"string"
        },
        "RADIUS_SERVER":{
            "description":"Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
            "title":"RADIUS Server",
            "type":"string"
        },
        "RECEPTOR_NO_SIG":{
            "default":true,
            "description":"Indicates whether signatures for receptor work requests should be enforced.",
            "readOnly":true,
            "title":"Receptor no sig",
            "type":"boolean"
        },
        "RECEPTOR_RELEASE_WORK":{
            "default":true,
            "description":"Release receptor work",
            "title":"Release Receptor Work",
            "type":"boolean"
        },
        "REDHAT_PASSWORD":{
            "description":"This password is used to send data to Automation Analytics",
            "title":"Red Hat customer password",
            "type":"string"
        },
        "REDHAT_USERNAME":{
            "description":"This username is used to send data to Automation Analytics",
            "title":"Red Hat customer username",
            "type":"string"
        },
        "REMOTE_HOST_HEADERS":{
            "default":[
                "REMOTE_ADDR",
                "REMOTE_HOST"
            ],
            "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SAML_AUTO_CREATE_OBJECTS":{
            "default":true,
            "description":"When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
            "title":"Automatically Create Organizations and Teams on SAML Login",
            "type":"boolean"
        },
        "SCHEDULE_MAX_JOBS":{
            "default":"10",
            "description":"Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
            "minimum":"1",
            "title":"Maximum Scheduled Jobs",
            "type":"integer"
        },
        "SESSIONS_PER_USER":{
            "default":"-1",
            "description":"Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
            "minimum":"-1",
            "title":"Maximum number of simultaneous logged in sessions",
            "type":"integer"
        },
        "SESSION_COOKIE_AGE":{
            "default":"1800",
            "description":"Number of seconds that a user is inactive before they will need to login again.",
            "maximum":"30000000000",
            "minimum":"60",
            "title":"Idle Time Force Log Out",
            "type":"integer"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/azuread-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ",
            "minLength":"1",
            "readOnly":true,
            "title":"Azure AD OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY":{
            "description":"The OAuth2 key (Client ID) from your Azure AD application.",
            "title":"Azure AD OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Azure AD OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your Azure AD application.",
            "title":"Azure AD OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Azure AD OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME":{
            "description":"The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Enterprise Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID":{
            "description":"Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Enterprise Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub developer application.",
            "title":"GitHub OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_NAME":{
            "description":"The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub developer application.",
            "title":"GitHub OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ID":{
            "description":"Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
            "title":"Google OAuth2 Extra Arguments",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/google-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"Google OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY":{
            "description":"The OAuth2 key from your web application.",
            "title":"Google OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Google OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET":{
            "description":"The OAuth2 secret from your web application.",
            "title":"Google OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Google OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS":{
            "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SOCIAL_AUTH_OIDC_KEY":{
            "description":"The OIDC key (Client ID) from your IDP.",
            "minLength":"1",
            "title":"OIDC Key",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT":{
            "description":"The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
            "title":"OIDC Provider URL",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_SECRET":{
            "description":"The OIDC secret (Client Secret) from your IDP.",
            "title":"OIDC Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_VERIFY_SSL":{
            "default":true,
            "description":"Verify the OIDC provider ssl certificate.",
            "title":"Verify OIDC Provider Certificate",
            "type":"boolean"
        },
        "SOCIAL_AUTH_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Social Auth Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/saml/",
            "description":"Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Assertion Consumer Service (ACS) URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
            "title":"SAML Enabled Identity Providers",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_EXTRA_DATA":{
            "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_METADATA_URL":{
            "default":"https://olamhost/sso/metadata/saml/",
            "description":"If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Service Provider Metadata URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user organization membership.",
            "title":"SAML Organization Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"SAML Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORG_INFO":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Organization Info",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "requestedAuthnContext":false
            },
            "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
            "title":"SAML Security Config",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_ENTITY_ID":{
            "description":"The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
            "title":"SAML Service Provider Entity ID",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_EXTRA":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
            "title":"SAML Service Provider extra configuration data",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":{
            "description":"Create a keypair to use as a service provider (SP) and include the private key content here.",
            "title":"SAML Service Provider Private Key",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":{
            "description":"Create a keypair to use as a service provider (SP) and include the certificate content here.",
            "title":"SAML Service Provider Public Certificate",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Support Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TEAM_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user team membership.",
            "title":"SAML Team Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"SAML Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Technical Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to map super users and system auditors from SAML.",
            "title":"SAML User Flags Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Social Auth Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL":{
            "description":"Enabling this setting will tell social auth to use the full Email as username instead of the full name",
            "title":"Use Email address for usernames",
            "type":"boolean"
        },
        "SOCIAL_AUTH_USER_FIELDS":{
            "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array",
            "x-nullable":true
        },
        "STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1048576",
            "description":"Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
            "minimum":"0",
            "title":"Standard Output Maximum Display Size",
            "type":"integer"
        },
        "SUBSCRIPTIONS_PASSWORD":{
            "description":"This password is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite password",
            "type":"string"
        },
        "SUBSCRIPTIONS_USERNAME":{
            "description":"This username is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite username",
            "type":"string"
        },
        "SUBSCRIPTION_USAGE_MODEL":{
            "enum":[
                "",
                "unique_managed_hosts"
            ],
            "title":"Defines subscription usage model and shows Host Metrics",
            "type":"string"
        },
        "TACACSPLUS_AUTH_PROTOCOL":{
            "default":"ascii",
            "description":"Choose the authentication protocol used by TACACS+ client.",
            "enum":[
                "ascii",
                "pap"
            ],
            "title":"TACACS+ Authentication Protocol",
            "type":"string"
        },
        "TACACSPLUS_HOST":{
            "description":"Hostname of TACACS+ server.",
            "title":"TACACS+ Server",
            "type":"string"
        },
        "TACACSPLUS_PORT":{
            "default":"49",
            "description":"Port number of TACACS+ server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"TACACS+ Port",
            "type":"integer"
        },
        "TACACSPLUS_REM_ADDR":{
            "description":"Enable the client address sending by TACACS+ client.",
            "title":"TACACS+ client address sending enabled",
            "type":"boolean"
        },
        "TACACSPLUS_SECRET":{
            "description":"Shared secret for authenticating to TACACS+ server.",
            "title":"TACACS+ Secret",
            "type":"string"
        },
        "TACACSPLUS_SESSION_TIMEOUT":{
            "default":"5",
            "description":"TACACS+ session timeout value in seconds, 0 disables timeout.",
            "minimum":"0",
            "title":"TACACS+ Auth Session Timeout",
            "type":"integer"
        },
        "TOWER_URL_BASE":{
            "default":"https://olamhost",
            "description":"This setting is used by services like notifications to render a valid url to the service.",
            "minLength":"1",
            "title":"Base URL of the service",
            "type":"string"
        },
        "UI_LIVE_UPDATES_ENABLED":{
            "default":true,
            "description":"If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
            "title":"Enable Live Updates in the UI",
            "type":"boolean"
        },
        "UI_NEXT":{
            "description":"Enable preview of new user interface.",
            "title":"Enable Preview of New User Interface",
            "type":"boolean"
        }
    },
    "required":[
        "ACTIVITY_STREAM_ENABLED",
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC",
        "ORG_ADMINS_CAN_SEE_ALL_USERS",
        "MANAGE_ORGANIZATION_AUTH",
        "TOWER_URL_BASE",
        "REMOTE_HOST_HEADERS",
        "PROXY_IP_ALLOWED_LIST",
        "ALLOW_JINJA_IN_EXTRA_VARS",
        "AWX_ISOLATION_BASE_PATH",
        "AWX_RUNNER_KEEPALIVE_SECONDS",
        "GALAXY_TASK_ENV",
        "PROJECT_UPDATE_VVV",
        "STDOUT_MAX_BYTES_DISPLAY",
        "EVENT_STDOUT_MAX_BYTES_DISPLAY",
        "SCHEDULE_MAX_JOBS",
        "AUTOMATION_ANALYTICS_LAST_GATHER",
        "CLEANUP_HOST_METRICS_LAST_TS",
        "HOST_METRIC_SUMMARY_TASK_LAST_TS",
        "SESSION_COOKIE_AGE",
        "SESSIONS_PER_USER",
        "DISABLE_LOCAL_AUTH",
        "AUTH_BASIC_ENABLED",
        "MAX_UI_JOB_EVENTS",
        "UI_LIVE_UPDATES_ENABLED",
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT",
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY",
        "SOCIAL_AUTH_SAML_ORG_INFO",
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT",
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT"
    ],
    "type":"object"
}

Nested Schema : AD_HOC_COMMANDS

Type: array

List of modules allowed to be used by ad-hoc jobs.

Default Value:

[
    "command",
    "shell",
    "yum",
    "apt",
    "apt_key",
    "apt_repository",
    "apt_rpm",
    "service",
    "group",
    "user",
    "mount",
    "ping",
    "selinux",
    "setup",
    "win_ping",
    "win_service",
    "win_updates",
    "win_group",
    "win_user"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "command",
        "shell",
        "yum",
        "apt",
        "apt_key",
        "apt_repository",
        "apt_rpm",
        "service",
        "group",
        "user",
        "mount",
        "ping",
        "selinux",
        "setup",
        "win_ping",
        "win_service",
        "win_updates",
        "win_group",
        "win_user"
    ],
    "description":"List of modules allowed to be used by ad-hoc jobs.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_1_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_1_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_2_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_2_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_3_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_3_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_4_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_4_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_5_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_5_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : AUTHENTICATION_BACKENDS

Type: array

Read Only: true

List of authentication backends that are enabled based on license features and other authentication settings.

Default Value:

[
    "awx.sso.backends.TACACSPlusBackend",
    "awx.main.backends.AWXModelBackend"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "awx.sso.backends.TACACSPlusBackend",
        "awx.main.backends.AWXModelBackend"
    ],
    "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "readOnly":true,
    "type":"array"
}

Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS

Type: array

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AWX_ISOLATION_SHOW_PATHS

Type: array

List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].

Show Source

Array of: string

Minimum Length: 1

{
    "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Extra Environment Variables

Type: object

Title: Extra Environment Variables

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
    "title":"Extra Environment Variables",
    "type":"object"
}

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.

Nested Schema : CSRF_TRUSTED_ORIGINS

Type: array

If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : CUSTOM_VENV_PATHS

Type: array

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : DEFAULT_CONTAINER_RUN_OPTIONS

Type: array

List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']

Default Value:

[
    "--network",
    "slirp4netns:enable_ipv6=true"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "--network",
        "slirp4netns:enable_ipv6=true"
    ],
    "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Environment Variables for Galaxy Commands

Type: object

Title: Environment Variables for Galaxy Commands

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "default":{
        "ANSIBLE_FORCE_COLOR":"false",
        "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
    },
    "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
    "title":"Environment Variables for Galaxy Commands",
    "type":"object"
}

Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.

Default Value:

{
    "ANSIBLE_FORCE_COLOR":"false",
    "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
}

Nested Schema : License

Type: object

Title: License

Read Only: true

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
    "readOnly":true,
    "title":"License",
    "type":"object"
}

The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.

Nested Schema : LOG_AGGREGATOR_LOGGERS

Type: array

List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics

Default Value:

[
    "awx",
    "activity_stream",
    "job_events",
    "system_tracking",
    "broadcast_websocket"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "awx",
        "activity_stream",
        "job_events",
        "system_tracking",
        "broadcast_websocket"
    ],
    "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : OAuth 2 Timeout Settings

Type: object

Title: OAuth 2 Timeout Settings

Additional Properties Allowed

Show Source

integer

Minimum Value: 1

{
    "additionalProperties":{
        "minimum":"1",
        "type":"integer"
    },
    "default":{
        "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
        "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
        "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
    },
    "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
    "title":"OAuth 2 Timeout Settings",
    "type":"object"
}

Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.

Default Value:

{
    "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
    "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
    "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
}

Nested Schema : PROXY_IP_ALLOWED_LIST

Type: array

If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')

Show Source

Array of: string

Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : REMOTE_HOST_HEADERS

Type: array

HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.

Default Value:

[
    "REMOTE_ADDR",
    "REMOTE_HOST"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "REMOTE_ADDR",
        "REMOTE_HOST"
    ],
    "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Azure AD OAuth2 Organization Map

Type: object

Title: Azure AD OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Azure AD OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : Azure AD OAuth2 Team Map

Type: object

Title: Azure AD OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Azure AD OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise Organization OAuth2 Organization Map

Type: object

Title: GitHub Enterprise Organization OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise Organization OAuth2 Team Map

Type: object

Title: GitHub Enterprise Organization OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise OAuth2 Organization Map

Type: object

Title: GitHub Enterprise OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise OAuth2 Team Map

Type: object

Title: GitHub Enterprise OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise Team OAuth2 Organization Map

Type: object

Title: GitHub Enterprise Team OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise Team OAuth2 Team Map

Type: object

Title: GitHub Enterprise Team OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Organization OAuth2 Organization Map

Type: object

Title: GitHub Organization OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Organization OAuth2 Team Map

Type: object

Title: GitHub Organization OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub OAuth2 Organization Map

Type: object

Title: GitHub OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub OAuth2 Team Map

Type: object

Title: GitHub OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Team OAuth2 Organization Map

Type: object

Title: GitHub Team OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Team OAuth2 Team Map

Type: object

Title: GitHub Team OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : Google OAuth2 Extra Arguments

Type: object

Title: Google OAuth2 Extra Arguments

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
    "title":"Google OAuth2 Extra Arguments",
    "type":"object"
}

Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.

Nested Schema : Google OAuth2 Organization Map

Type: object

Title: Google OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Google OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : Google OAuth2 Team Map

Type: object

Title: Google OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Google OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Type: array

Update this setting to restrict the domains who are allowed to login using Google OAuth2.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Social Auth Organization Map

Type: object

Title: Social Auth Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Social Auth Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : SAML Enabled Identity Providers

Type: object

Title: SAML Enabled Identity Providers

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
    "title":"SAML Enabled Identity Providers",
    "type":"object"
}

Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.

Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA

Type: array

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.

Show Source

Array of: string

{
    "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array",
    "x-nullable":true
}

Nested Schema : SAML Service Provider Organization Info

Type: object

Title: SAML Service Provider Organization Info

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Organization Info",
    "type":"object"
}

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.

Nested Schema : SAML Organization Attribute Mapping

Type: object

Title: SAML Organization Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user organization membership.",
    "title":"SAML Organization Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to translate user organization membership.

Nested Schema : SAML Organization Map

Type: object

Title: SAML Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"SAML Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : SAML Security Config

Type: object

Title: SAML Security Config

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "requestedAuthnContext":false
    },
    "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
    "title":"SAML Security Config",
    "type":"object",
    "x-nullable":true
}

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings

Default Value:

{
    "requestedAuthnContext":false
}

Nested Schema : SAML Service Provider extra configuration data

Type: object

Title: SAML Service Provider extra configuration data

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
    "title":"SAML Service Provider extra configuration data",
    "type":"object",
    "x-nullable":true
}

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.

Nested Schema : SAML Service Provider Support Contact

Type: object

Title: SAML Service Provider Support Contact

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Support Contact",
    "type":"object"
}

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SAML Team Attribute Mapping

Type: object

Title: SAML Team Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user team membership.",
    "title":"SAML Team Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to translate user team membership.

Nested Schema : SAML Team Map

Type: object

Title: SAML Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"SAML Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SAML Service Provider Technical Contact

Type: object

Title: SAML Service Provider Technical Contact

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Technical Contact",
    "type":"object"
}

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SAML User Flags Attribute Mapping

Type: object

Title: SAML User Flags Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to map super users and system auditors from SAML.",
    "title":"SAML User Flags Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to map super users and system auditors from SAML.

Nested Schema : Social Auth Team Map

Type: object

Title: Social Auth Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Social Auth Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_USER_FIELDS

Type: array

When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array",
    "x-nullable":true
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Response

Supported Media Types

application/json

200 Response

Root Schema : SettingSingleton

Type: object

Show Source

ACTIVITY_STREAM_ENABLED(required): boolean

Title: Enable Activity Stream

Default Value: true

Enable capturing activity for the activity stream.
ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC(required): boolean

Title: Enable Activity Stream for Inventory Sync

Enable capturing activity for the activity stream when running inventory sync.
AD_HOC_COMMANDS: array AD_HOC_COMMANDS

List of modules allowed to be used by ad-hoc jobs.
ALLOW_JINJA_IN_EXTRA_VARS(required): string

Title: When can extra variables contain Jinja templates?

Default Value: template

Allowed Values: [ "always", "never", "template" ]

Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
ALLOW_METRICS_FOR_ANONYMOUS_USERS: boolean

Title: Allow anonymous users to poll metrics

If true, anonymous users are allowed to poll metrics.
ALLOW_OAUTH2_FOR_EXTERNAL_USERS: boolean

Title: Allow External Users to Create OAuth2 Tokens

For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
ANSIBLE_FACT_CACHE_TIMEOUT: integer

Title: Per-Host Ansible Fact Cache Timeout

Minimum Value: 0

Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
API_400_ERROR_LOG_FORMAT: string

Title: Log Format For API 4XX Errors

Minimum Length: 1

Default Value: status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}

The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
AUTH_BASIC_ENABLED(required): boolean

Title: Enable HTTP Basic Auth

Default Value: true

Enable HTTP Basic Auth for the API Browser.
AUTH_LDAP_1_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_1_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_1_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_1_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_1_GROUP_SEARCH: array AUTH_LDAP_1_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_1_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_1_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_1_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_1_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_1_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_1_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_1_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_1_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_1_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_1_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_1_USER_SEARCH: array AUTH_LDAP_1_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_2_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_2_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_2_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_2_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_2_GROUP_SEARCH: array AUTH_LDAP_2_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_2_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_2_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_2_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_2_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_2_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_2_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_2_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_2_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_2_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_2_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_2_USER_SEARCH: array AUTH_LDAP_2_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_3_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_3_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_3_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_3_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_3_GROUP_SEARCH: array AUTH_LDAP_3_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_3_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_3_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_3_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_3_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_3_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_3_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_3_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_3_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_3_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_3_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_3_USER_SEARCH: array AUTH_LDAP_3_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_4_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_4_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_4_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_4_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_4_GROUP_SEARCH: array AUTH_LDAP_4_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_4_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_4_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_4_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_4_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_4_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_4_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_4_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_4_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_4_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_4_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_4_USER_SEARCH: array AUTH_LDAP_4_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_5_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_5_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_5_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_5_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_5_GROUP_SEARCH: array AUTH_LDAP_5_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_5_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_5_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_5_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_5_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_5_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_5_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_5_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_5_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_5_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_5_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_5_USER_SEARCH: array AUTH_LDAP_5_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_BIND_DN: string

Title: LDAP Bind DN

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_BIND_PASSWORD: string

Title: LDAP Bind Password

Password used to bind LDAP user account.
AUTH_LDAP_CONNECTION_OPTIONS: object LDAP Connection Options

Title: LDAP Connection Options

Additional Properties Allowed: additionalProperties

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_DENY_GROUP: string

Title: LDAP Deny Group

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_GROUP_SEARCH: array AUTH_LDAP_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_GROUP_TYPE: string

Title: LDAP Group Type

Default Value: MemberDNGroupType

Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters

Title: LDAP Group Type Parameters

Additional Properties Allowed: additionalProperties

Key value parameters to send the chosen group type init method.
AUTH_LDAP_ORGANIZATION_MAP: object LDAP Organization Map

Title: LDAP Organization Map

Additional Properties Allowed: additionalProperties

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_REQUIRE_GROUP: string

Title: LDAP Require Group

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_SERVER_URI: string

Title: LDAP Server URI

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_START_TLS: boolean

Title: LDAP Start TLS

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_TEAM_MAP: object LDAP Team Map

Title: LDAP Team Map

Additional Properties Allowed: additionalProperties

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_USER_ATTR_MAP: object LDAP User Attribute Map

Title: LDAP User Attribute Map

Additional Properties Allowed: additionalProperties

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_USER_DN_TEMPLATE: string

Title: LDAP User DN Template

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group

Title: LDAP User Flags By Group

Additional Properties Allowed: additionalProperties

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_USER_SEARCH: array AUTH_LDAP_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTHENTICATION_BACKENDS: array AUTHENTICATION_BACKENDS

Read Only: true

List of authentication backends that are enabled based on license features and other authentication settings.
AUTOMATION_ANALYTICS_GATHER_INTERVAL: integer

Title: Automation Analytics Gather Interval

Minimum Value: 1800

Default Value: 14400

Interval (in seconds) between data gathering.
AUTOMATION_ANALYTICS_LAST_ENTRIES: string

Title: Last gathered entries from the data collection service of Automation Analytics
AUTOMATION_ANALYTICS_LAST_GATHER(required): string(date-time)

Title: Last gather date for Automation Analytics.
AUTOMATION_ANALYTICS_URL: string

Title: Automation Analytics upload URL

Minimum Length: 1

Default Value: https://example.com

This setting is used to to configure the upload URL for data collection for Automation Analytics.
AWX_ANSIBLE_CALLBACK_PLUGINS: array AWX_ANSIBLE_CALLBACK_PLUGINS

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
AWX_CLEANUP_PATHS: boolean

Title: Enable or Disable tmp dir cleanup

Default Value: true

Enable or Disable TMP Dir cleanup
AWX_COLLECTIONS_ENABLED: boolean

Title: Enable Collection(s) Download

Default Value: true

Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_ISOLATION_BASE_PATH(required): string

Title: Job execution path

Minimum Length: 1

Default Value: /tmp

The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
AWX_ISOLATION_SHOW_PATHS: array AWX_ISOLATION_SHOW_PATHS

List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
AWX_MOUNT_ISOLATED_PATHS_ON_K8S: boolean

Title: Expose host paths for Container Groups

Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible.
AWX_REQUEST_PROFILE: boolean

Title: Debug Web Requests

Debug web request python timing
AWX_ROLES_ENABLED: boolean

Title: Enable Role Download

Default Value: true

Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_RUNNER_KEEPALIVE_SECONDS(required): integer

Title: K8S Ansible Runner Keep-Alive Message Interval

Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.
AWX_SHOW_PLAYBOOK_LINKS: boolean

Title: Follow symlinks

Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.
AWX_TASK_ENV: object Extra Environment Variables

Title: Extra Environment Variables

Additional Properties Allowed: additionalProperties

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
BULK_HOST_MAX_CREATE: integer

Title: Max number of hosts to allow to be created in a single bulk action

Default Value: 100

Max number of hosts to allow to be created in a single bulk action
BULK_HOST_MAX_DELETE: integer

Title: Max number of hosts to allow to be deleted in a single bulk action

Default Value: 250

Max number of hosts to allow to be deleted in a single bulk action
BULK_JOB_MAX_LAUNCH: integer

Title: Max jobs to allow bulk jobs to launch

Default Value: 100

Max jobs to allow bulk jobs to launch
CLEANUP_HOST_METRICS_LAST_TS(required): string(date-time)

Title: Last cleanup date for HostMetrics
CSRF_TRUSTED_ORIGINS: array CSRF_TRUSTED_ORIGINS

If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
CUSTOM_LOGIN_INFO: string

Title: Custom Login Info

If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
CUSTOM_LOGO: string

Title: Custom Logo

To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
CUSTOM_VENV_PATHS: array CUSTOM_VENV_PATHS

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
DEFAULT_CONTAINER_RUN_OPTIONS: array DEFAULT_CONTAINER_RUN_OPTIONS

List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
DEFAULT_CONTROL_PLANE_QUEUE_NAME: string

Title: The instance group where control plane tasks run

Read Only: true

Minimum Length: 1

Default Value: controlplane
DEFAULT_EXECUTION_ENVIRONMENT: integer

Title: Global default execution environment

The Execution Environment to be used when one has not been configured for a job template.
DEFAULT_EXECUTION_QUEUE_NAME: string

Title: The instance group where user jobs run (currently only on non-VM installs)

Read Only: true

Minimum Length: 1

Default Value: default
DEFAULT_INVENTORY_UPDATE_TIMEOUT: integer

Title: Default Inventory Update Timeout

Minimum Value: 0

Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
DEFAULT_JOB_IDLE_TIMEOUT: integer

Title: Default Job Idle Timeout

Minimum Value: 0

If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.
DEFAULT_JOB_TIMEOUT: integer

Title: Default Job Timeout

Minimum Value: 0

Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
DEFAULT_PROJECT_UPDATE_TIMEOUT: integer

Title: Default Project Update Timeout

Minimum Value: 0

Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
DISABLE_LOCAL_AUTH(required): boolean

Title: Disable the built-in authentication system

Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
EVENT_STDOUT_MAX_BYTES_DISPLAY(required): integer

Title: Job Event Standard Output Maximum Display Size

Minimum Value: 0

Default Value: 1024

Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
GALAXY_IGNORE_CERTS: boolean

Title: Ignore Ansible Galaxy SSL Certificate Verification

If set to true, certificate validation will not be done when installing content from any Galaxy server.
GALAXY_TASK_ENV(required): object Environment Variables for Galaxy Commands

Title: Environment Variables for Galaxy Commands

Additional Properties Allowed: additionalProperties

Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
HOST_METRIC_SUMMARY_TASK_LAST_TS(required): string(date-time)

Title: Last computing date of HostMetricSummaryMonthly
INSIGHTS_TRACKING_STATE: boolean

Title: Gather data for Automation Analytics

Enables the service to gather data on automation and send it to Automation Analytics.
INSTALL_UUID: string

Title: Unique identifier for an installation

Read Only: true

Minimum Length: 1

Default Value: 00000000-0000-0000-0000-000000000000
IS_K8S: boolean

Title: Is k8s

Read Only: true

Indicates whether the instance is part of a kubernetes-based deployment.
LICENSE: object License

Title: License

Read Only: true

Additional Properties Allowed: additionalProperties

The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
LOCAL_PASSWORD_MIN_DIGITS: integer

Title: Minimum number of digit characters in local password

Minimum Value: 0

Minimum number of digit characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_LENGTH: integer

Title: Minimum number of characters in local password

Minimum Value: 0

Minimum number of characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_SPECIAL: integer

Title: Minimum number of special characters in local password

Minimum Value: 0

Minimum number of special characters required in a local password. 0 means no minimum
LOCAL_PASSWORD_MIN_UPPER: integer

Title: Minimum number of uppercase characters in local password

Minimum Value: 0

Minimum number of uppercase characters required in a local password. 0 means no minimum
LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB: integer

Title: Maximum disk persistence for rsyslogd action queuing (in GB)

Minimum Value: 1

Default Value: 1

Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.
LOG_AGGREGATOR_ACTION_QUEUE_SIZE: integer

Title: Maximum number of messages that can be stored in the log action queue

Minimum Value: 1

Default Value: 131072

Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).
LOG_AGGREGATOR_ENABLED: boolean

Title: Enable External Logging

Enable sending logs to external log aggregator.
LOG_AGGREGATOR_HOST: string

Title: Logging Aggregator

Minimum Length: 1

Hostname/IP where external logs will be sent to.
LOG_AGGREGATOR_INDIVIDUAL_FACTS: boolean

Title: Log System Tracking Facts Individually

If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
LOG_AGGREGATOR_LEVEL: string

Title: Logging Aggregator Level Threshold

Default Value: INFO

Allowed Values: [ "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" ]

Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
LOG_AGGREGATOR_LOGGERS: array LOG_AGGREGATOR_LOGGERS

List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: string

Title: File system location for rsyslogd disk persistence

Minimum Length: 1

Default Value: /var/lib/awx

Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
LOG_AGGREGATOR_PASSWORD: string

Title: Logging Aggregator Password/Token

Password or authentication token for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_PORT: integer

Title: Logging Aggregator Port

Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
LOG_AGGREGATOR_PROTOCOL: string

Title: Logging Aggregator Protocol

Default Value: https

Allowed Values: [ "https", "tcp", "udp" ]

Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
LOG_AGGREGATOR_RSYSLOGD_DEBUG: boolean

Title: Enable rsyslogd debugging

Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
LOG_AGGREGATOR_TCP_TIMEOUT: integer

Title: TCP Connection Timeout

Default Value: 5

Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
LOG_AGGREGATOR_TOWER_UUID: string

Title: Cluster-wide unique identifier.

Useful to uniquely identify instances.
LOG_AGGREGATOR_TYPE: string

Title: Logging Aggregator Type

Allowed Values: [ "logstash", "splunk", "loggly", "sumologic", "other" ]

Format messages for the chosen log aggregator.
LOG_AGGREGATOR_USERNAME: string

Title: Logging Aggregator Username

Username for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_VERIFY_CERT: boolean

Title: Enable/disable HTTPS certificate verification

Default Value: true

Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
LOGIN_REDIRECT_OVERRIDE: string

Title: Login redirect override URL

URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
MANAGE_ORGANIZATION_AUTH(required): boolean

Title: Organization Admins Can Manage Users and Teams

Default Value: true

Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
MAX_FORKS: integer

Title: Maximum number of forks per job

Default Value: 200

Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
MAX_UI_JOB_EVENTS(required): integer

Title: Max Job Events Retrieved by UI

Minimum Value: 100

Default Value: 4000

Maximum number of job events for the UI to retrieve within a single request.
MAX_WEBSOCKET_EVENT_RATE: integer

Title: Job Event Maximum Websocket Messages Per Second

Minimum Value: 0

Default Value: 30

Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
OAUTH2_PROVIDER: object OAuth 2 Timeout Settings

Title: OAuth 2 Timeout Settings

Additional Properties Allowed: additionalProperties

Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
ORG_ADMINS_CAN_SEE_ALL_USERS(required): boolean

Title: All Users Visible to Organization Admins

Default Value: true

Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
PENDO_TRACKING_STATE: string

Title: User Analytics Tracking State

Read Only: true

Default Value: off

Allowed Values: [ "off", "anonymous", "detailed" ]

Enable or Disable User Analytics Tracking.
PROJECT_UPDATE_VVV(required): boolean

Title: Run Project Updates With Higher Verbosity

Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
PROXY_IP_ALLOWED_LIST(required): array PROXY_IP_ALLOWED_LIST

If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
RADIUS_PORT: integer

Title: RADIUS Port

Minimum Value: 1

Maximum Value: 65535

Default Value: 1812

Port of RADIUS server.
RADIUS_SECRET: string

Title: RADIUS Secret

Shared secret for authenticating to RADIUS server.
RADIUS_SERVER: string

Title: RADIUS Server

Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
RECEPTOR_NO_SIG: boolean

Title: Receptor no sig

Read Only: true

Default Value: true

Indicates whether signatures for receptor work requests should be enforced.
RECEPTOR_RELEASE_WORK: boolean

Title: Release Receptor Work

Default Value: true

Release receptor work
REDHAT_PASSWORD: string

Title: Red Hat customer password

This password is used to send data to Automation Analytics
REDHAT_USERNAME: string

Title: Red Hat customer username

This username is used to send data to Automation Analytics
REMOTE_HOST_HEADERS(required): array REMOTE_HOST_HEADERS

HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
SAML_AUTO_CREATE_OBJECTS: boolean

Title: Automatically Create Organizations and Teams on SAML Login

Default Value: true

When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
SCHEDULE_MAX_JOBS(required): integer

Title: Maximum Scheduled Jobs

Minimum Value: 1

Default Value: 10

Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
SESSION_COOKIE_AGE(required): integer

Title: Idle Time Force Log Out

Minimum Value: 60

Maximum Value: 30000000000

Default Value: 1800

Number of seconds that a user is inactive before they will need to login again.
SESSIONS_PER_USER(required): integer

Title: Maximum number of simultaneous logged in sessions

Minimum Value: -1

Default Value: -1

Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL: string

Title: Azure AD OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/azuread-oauth2/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: string

Title: Azure AD OAuth2 Key

The OAuth2 key (Client ID) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: object Azure AD OAuth2 Organization Map

Title: Azure AD OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: string

Title: Azure AD OAuth2 Secret

The OAuth2 secret (Client Secret) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: object Azure AD OAuth2 Team Map

Title: Azure AD OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_CALLBACK_URL: string

Title: GitHub OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: string

Title: GitHub Enterprise API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL: string

Title: GitHub Enterprise OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: string

Title: GitHub Enterprise OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: string

Title: GitHub Enterprise Organization API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL: string

Title: GitHub Enterprise Organization OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise-org/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: string

Title: GitHub Enterprise Organization OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: string

Title: GitHub Enterprise Organization Name

The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: object GitHub Enterprise Organization OAuth2 Organization Map

Title: GitHub Enterprise Organization OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: string

Title: GitHub Enterprise Organization OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: object GitHub Enterprise Organization OAuth2 Team Map

Title: GitHub Enterprise Organization OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: string

Title: GitHub Enterprise Organization URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: object GitHub Enterprise OAuth2 Organization Map

Title: GitHub Enterprise OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: string

Title: GitHub Enterprise OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: string

Title: GitHub Enterprise Team API URL

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL: string

Title: GitHub Enterprise Team OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-enterprise-team/

Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: string

Title: GitHub Enterprise Team ID

Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: string

Title: GitHub Enterprise Team OAuth2 Key

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: object GitHub Enterprise OAuth2 Team Map

Title: GitHub Enterprise OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: object GitHub Enterprise Team OAuth2 Organization Map

Title: GitHub Enterprise Team OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: string

Title: GitHub Enterprise Team OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: object GitHub Enterprise Team OAuth2 Team Map

Title: GitHub Enterprise Team OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: string

Title: GitHub Enterprise Team URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: string

Title: GitHub Enterprise URL

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_KEY: string

Title: GitHub OAuth2 Key

The OAuth2 key (Client ID) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL: string

Title: GitHub Organization OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-org/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GITHUB_ORG_KEY: string

Title: GitHub Organization OAuth2 Key

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_NAME: string

Title: GitHub Organization Name

The name of your GitHub organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: object GitHub Organization OAuth2 Organization Map

Title: GitHub Organization OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORG_SECRET: string

Title: GitHub Organization OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: object GitHub Organization OAuth2 Team Map

Title: GitHub Organization OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: object GitHub OAuth2 Organization Map

Title: GitHub OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_SECRET: string

Title: GitHub OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL: string

Title: GitHub Team OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/github-team/

Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
SOCIAL_AUTH_GITHUB_TEAM_ID: string

Title: GitHub Team ID

Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_TEAM_KEY: string

Title: GitHub Team OAuth2 Key

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_MAP: object GitHub OAuth2 Team Map

Title: GitHub OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: object GitHub Team OAuth2 Organization Map

Title: GitHub Team OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_SECRET: string

Title: GitHub Team OAuth2 Secret

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: object GitHub Team OAuth2 Team Map

Title: GitHub Team OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: object Google OAuth2 Extra Arguments

Title: Google OAuth2 Extra Arguments

Additional Properties Allowed: additionalProperties

Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL: string

Title: Google OAuth2 Callback URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/google-oauth2/

Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: string

Title: Google OAuth2 Key

The OAuth2 key from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: object Google OAuth2 Organization Map

Title: Google OAuth2 Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: string

Title: Google OAuth2 Secret

The OAuth2 secret from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: object Google OAuth2 Team Map

Title: Google OAuth2 Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: array SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Update this setting to restrict the domains who are allowed to login using Google OAuth2.
SOCIAL_AUTH_OIDC_KEY: string

Title: OIDC Key

Minimum Length: 1

The OIDC key (Client ID) from your IDP.
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: string

Title: OIDC Provider URL

The URL for your OIDC provider including the path up to /.well-known/openid-configuration
SOCIAL_AUTH_OIDC_SECRET: string

Title: OIDC Secret

The OIDC secret (Client Secret) from your IDP.
SOCIAL_AUTH_OIDC_VERIFY_SSL: boolean

Title: Verify OIDC Provider Certificate

Default Value: true

Verify the OIDC provider ssl certificate.
SOCIAL_AUTH_ORGANIZATION_MAP: object Social Auth Organization Map

Title: Social Auth Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_CALLBACK_URL: string

Title: SAML Assertion Consumer Service (ACS) URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/complete/saml/

Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.
SOCIAL_AUTH_SAML_ENABLED_IDPS: object SAML Enabled Identity Providers

Title: SAML Enabled Identity Providers

Additional Properties Allowed: additionalProperties

Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
SOCIAL_AUTH_SAML_EXTRA_DATA: array SOCIAL_AUTH_SAML_EXTRA_DATA

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
SOCIAL_AUTH_SAML_METADATA_URL: string

Title: SAML Service Provider Metadata URL

Read Only: true

Minimum Length: 1

Default Value: https://olamhost/sso/metadata/saml/

If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.
SOCIAL_AUTH_SAML_ORG_INFO(required): object SAML Service Provider Organization Info

Title: SAML Service Provider Organization Info

Additional Properties Allowed: additionalProperties

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: object SAML Organization Attribute Mapping

Title: SAML Organization Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to translate user organization membership.
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: object SAML Organization Map

Title: SAML Organization Map

Additional Properties Allowed: additionalProperties

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_SECURITY_CONFIG: object SAML Security Config

Title: SAML Security Config

Additional Properties Allowed: additionalProperties

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
SOCIAL_AUTH_SAML_SP_ENTITY_ID: string

Title: SAML Service Provider Entity ID

The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
SOCIAL_AUTH_SAML_SP_EXTRA: object SAML Service Provider extra configuration data

Title: SAML Service Provider extra configuration data

Additional Properties Allowed: additionalProperties

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY(required): string

Title: SAML Service Provider Private Key

Create a keypair to use as a service provider (SP) and include the private key content here.
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT(required): string

Title: SAML Service Provider Public Certificate

Create a keypair to use as a service provider (SP) and include the certificate content here.
SOCIAL_AUTH_SAML_SUPPORT_CONTACT(required): object SAML Service Provider Support Contact

Title: SAML Service Provider Support Contact

Additional Properties Allowed: additionalProperties

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_TEAM_ATTR: object SAML Team Attribute Mapping

Title: SAML Team Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to translate user team membership.
SOCIAL_AUTH_SAML_TEAM_MAP: object SAML Team Map

Title: SAML Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT(required): object SAML Service Provider Technical Contact

Title: SAML Service Provider Technical Contact

Additional Properties Allowed: additionalProperties

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: object SAML User Flags Attribute Mapping

Title: SAML User Flags Attribute Mapping

Additional Properties Allowed: additionalProperties

Used to map super users and system auditors from SAML.
SOCIAL_AUTH_TEAM_MAP: object Social Auth Team Map

Title: Social Auth Team Map

Additional Properties Allowed: additionalProperties

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_USER_FIELDS: array SOCIAL_AUTH_USER_FIELDS

When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: boolean

Title: Use Email address for usernames

Enabling this setting will tell social auth to use the full Email as username instead of the full name
STDOUT_MAX_BYTES_DISPLAY(required): integer

Title: Standard Output Maximum Display Size

Minimum Value: 0

Default Value: 1048576

Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
SUBSCRIPTION_USAGE_MODEL: string

Title: Defines subscription usage model and shows Host Metrics

Allowed Values: [ "", "unique_managed_hosts" ]
SUBSCRIPTIONS_PASSWORD: string

Title: Red Hat or Satellite password

This password is used to retrieve subscription and content information
SUBSCRIPTIONS_USERNAME: string

Title: Red Hat or Satellite username

This username is used to retrieve subscription and content information
TACACSPLUS_AUTH_PROTOCOL: string

Title: TACACS+ Authentication Protocol

Default Value: ascii

Allowed Values: [ "ascii", "pap" ]

Choose the authentication protocol used by TACACS+ client.
TACACSPLUS_HOST: string

Title: TACACS+ Server

Hostname of TACACS+ server.
TACACSPLUS_PORT: integer

Title: TACACS+ Port

Minimum Value: 1

Maximum Value: 65535

Default Value: 49

Port number of TACACS+ server.
TACACSPLUS_REM_ADDR: boolean

Title: TACACS+ client address sending enabled

Enable the client address sending by TACACS+ client.
TACACSPLUS_SECRET: string

Title: TACACS+ Secret

Shared secret for authenticating to TACACS+ server.
TACACSPLUS_SESSION_TIMEOUT: integer

Title: TACACS+ Auth Session Timeout

Minimum Value: 0

Default Value: 5

TACACS+ session timeout value in seconds, 0 disables timeout.
TOWER_URL_BASE(required): string

Title: Base URL of the service

Minimum Length: 1

Default Value: https://olamhost

This setting is used by services like notifications to render a valid url to the service.
UI_LIVE_UPDATES_ENABLED(required): boolean

Title: Enable Live Updates in the UI

Default Value: true

If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
UI_NEXT: boolean

Title: Enable Preview of New User Interface

Enable preview of new user interface.

{
    "properties":{
        "ACTIVITY_STREAM_ENABLED":{
            "default":true,
            "description":"Enable capturing activity for the activity stream.",
            "title":"Enable Activity Stream",
            "type":"boolean"
        },
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC":{
            "description":"Enable capturing activity for the activity stream when running inventory sync.",
            "title":"Enable Activity Stream for Inventory Sync",
            "type":"boolean"
        },
        "AD_HOC_COMMANDS":{
            "default":[
                "command",
                "shell",
                "yum",
                "apt",
                "apt_key",
                "apt_repository",
                "apt_rpm",
                "service",
                "group",
                "user",
                "mount",
                "ping",
                "selinux",
                "setup",
                "win_ping",
                "win_service",
                "win_updates",
                "win_group",
                "win_user"
            ],
            "description":"List of modules allowed to be used by ad-hoc jobs.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "ALLOW_JINJA_IN_EXTRA_VARS":{
            "default":"template",
            "description":"Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.  It is recommended that this value be set to \"template\" or \"never\".",
            "enum":[
                "always",
                "never",
                "template"
            ],
            "title":"When can extra variables contain Jinja templates?",
            "type":"string"
        },
        "ALLOW_METRICS_FOR_ANONYMOUS_USERS":{
            "description":"If true, anonymous users are allowed to poll metrics.",
            "title":"Allow anonymous users to poll metrics",
            "type":"boolean"
        },
        "ALLOW_OAUTH2_FOR_EXTERNAL_USERS":{
            "description":"For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
            "title":"Allow External Users to Create OAuth2 Tokens",
            "type":"boolean"
        },
        "ANSIBLE_FACT_CACHE_TIMEOUT":{
            "description":"Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
            "minimum":"0",
            "title":"Per-Host Ansible Fact Cache Timeout",
            "type":"integer"
        },
        "API_400_ERROR_LOG_FORMAT":{
            "default":"status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
            "description":"The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {<variable name>}.",
            "minLength":"1",
            "title":"Log Format For API 4XX Errors",
            "type":"string"
        },
        "AUTHENTICATION_BACKENDS":{
            "default":[
                "awx.sso.backends.TACACSPlusBackend",
                "awx.main.backends.AWXModelBackend"
            ],
            "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "readOnly":true,
            "type":"array"
        },
        "AUTH_BASIC_ENABLED":{
            "default":true,
            "description":"Enable HTTP Basic Auth for the API Browser.",
            "title":"Enable HTTP Basic Auth",
            "type":"boolean"
        },
        "AUTH_LDAP_1_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_1_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_1_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_1_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_1_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_1_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_1_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_1_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_1_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_1_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_2_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_2_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_2_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_2_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_2_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_2_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_3_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_3_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_3_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_3_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_3_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_3_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_3_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_3_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_4_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_4_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_4_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_4_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_4_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_4_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_4_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_4_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_5_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_5_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_5_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_5_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_5_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_5_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_5_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_5_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTOMATION_ANALYTICS_GATHER_INTERVAL":{
            "default":"14400",
            "description":"Interval (in seconds) between data gathering.",
            "minimum":"1800",
            "title":"Automation Analytics Gather Interval",
            "type":"integer"
        },
        "AUTOMATION_ANALYTICS_LAST_ENTRIES":{
            "title":"Last gathered entries from the data collection service of Automation Analytics",
            "type":"string"
        },
        "AUTOMATION_ANALYTICS_LAST_GATHER":{
            "format":"date-time",
            "title":"Last gather date for Automation Analytics.",
            "type":"string",
            "x-nullable":true
        },
        "AUTOMATION_ANALYTICS_URL":{
            "default":"https://example.com",
            "description":"This setting is used to to configure the upload URL for data collection for Automation Analytics.",
            "minLength":"1",
            "title":"Automation Analytics upload URL",
            "type":"string"
        },
        "AWX_ANSIBLE_CALLBACK_PLUGINS":{
            "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_CLEANUP_PATHS":{
            "default":true,
            "description":"Enable or Disable TMP Dir cleanup",
            "title":"Enable or Disable tmp dir cleanup",
            "type":"boolean"
        },
        "AWX_COLLECTIONS_ENABLED":{
            "default":true,
            "description":"Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Collection(s) Download",
            "type":"boolean"
        },
        "AWX_ISOLATION_BASE_PATH":{
            "default":"/tmp",
            "description":"The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
            "minLength":"1",
            "title":"Job execution path",
            "type":"string"
        },
        "AWX_ISOLATION_SHOW_PATHS":{
            "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_MOUNT_ISOLATED_PATHS_ON_K8S":{
            "description":"Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
            "title":"Expose host paths for Container Groups",
            "type":"boolean"
        },
        "AWX_REQUEST_PROFILE":{
            "description":"Debug web request python timing",
            "title":"Debug Web Requests",
            "type":"boolean"
        },
        "AWX_ROLES_ENABLED":{
            "default":true,
            "description":"Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Role Download",
            "type":"boolean"
        },
        "AWX_RUNNER_KEEPALIVE_SECONDS":{
            "description":"Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
            "title":"K8S Ansible Runner Keep-Alive Message Interval",
            "type":"integer"
        },
        "AWX_SHOW_PLAYBOOK_LINKS":{
            "description":"Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
            "title":"Follow symlinks",
            "type":"boolean"
        },
        "AWX_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
            "title":"Extra Environment Variables",
            "type":"object"
        },
        "BULK_HOST_MAX_CREATE":{
            "default":"100",
            "description":"Max number of hosts to allow to be created in a single bulk action",
            "title":"Max number of hosts to allow to be created in a single bulk action",
            "type":"integer"
        },
        "BULK_HOST_MAX_DELETE":{
            "default":"250",
            "description":"Max number of hosts to allow to be deleted in a single bulk action",
            "title":"Max number of hosts to allow to be deleted in a single bulk action",
            "type":"integer"
        },
        "BULK_JOB_MAX_LAUNCH":{
            "default":"100",
            "description":"Max jobs to allow bulk jobs to launch",
            "title":"Max jobs to allow bulk jobs to launch",
            "type":"integer"
        },
        "CLEANUP_HOST_METRICS_LAST_TS":{
            "format":"date-time",
            "title":"Last cleanup date for HostMetrics",
            "type":"string",
            "x-nullable":true
        },
        "CSRF_TRUSTED_ORIGINS":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "CUSTOM_LOGIN_INFO":{
            "description":"If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
            "title":"Custom Login Info",
            "type":"string"
        },
        "CUSTOM_LOGO":{
            "description":"To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
            "title":"Custom Logo",
            "type":"string"
        },
        "CUSTOM_VENV_PATHS":{
            "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTAINER_RUN_OPTIONS":{
            "default":[
                "--network",
                "slirp4netns:enable_ipv6=true"
            ],
            "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTROL_PLANE_QUEUE_NAME":{
            "default":"controlplane",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where control plane tasks run",
            "type":"string"
        },
        "DEFAULT_EXECUTION_ENVIRONMENT":{
            "description":"The Execution Environment to be used when one has not been configured for a job template.",
            "title":"Global default execution environment",
            "type":"integer",
            "x-nullable":true
        },
        "DEFAULT_EXECUTION_QUEUE_NAME":{
            "default":"default",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where user jobs run (currently only on non-VM installs)",
            "type":"string"
        },
        "DEFAULT_INVENTORY_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
            "minimum":"0",
            "title":"Default Inventory Update Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_IDLE_TIMEOUT":{
            "description":"If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
            "minimum":"0",
            "title":"Default Job Idle Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_TIMEOUT":{
            "description":"Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
            "minimum":"0",
            "title":"Default Job Timeout",
            "type":"integer"
        },
        "DEFAULT_PROJECT_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
            "minimum":"0",
            "title":"Default Project Update Timeout",
            "type":"integer"
        },
        "DISABLE_LOCAL_AUTH":{
            "description":"Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
            "title":"Disable the built-in authentication system",
            "type":"boolean"
        },
        "EVENT_STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1024",
            "description":"Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.",
            "minimum":"0",
            "title":"Job Event Standard Output Maximum Display Size",
            "type":"integer"
        },
        "GALAXY_IGNORE_CERTS":{
            "description":"If set to true, certificate validation will not be done when installing content from any Galaxy server.",
            "title":"Ignore Ansible Galaxy SSL Certificate Verification",
            "type":"boolean"
        },
        "GALAXY_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "default":{
                "ANSIBLE_FORCE_COLOR":"false",
                "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
            },
            "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
            "title":"Environment Variables for Galaxy Commands",
            "type":"object"
        },
        "HOST_METRIC_SUMMARY_TASK_LAST_TS":{
            "format":"date-time",
            "title":"Last computing date of HostMetricSummaryMonthly",
            "type":"string",
            "x-nullable":true
        },
        "INSIGHTS_TRACKING_STATE":{
            "description":"Enables the service to gather data on automation and send it to Automation Analytics.",
            "title":"Gather data for Automation Analytics",
            "type":"boolean"
        },
        "INSTALL_UUID":{
            "default":"00000000-0000-0000-0000-000000000000",
            "minLength":"1",
            "readOnly":true,
            "title":"Unique identifier for an installation",
            "type":"string"
        },
        "IS_K8S":{
            "description":"Indicates whether the instance is part of a kubernetes-based deployment.",
            "readOnly":true,
            "title":"Is k8s",
            "type":"boolean"
        },
        "LICENSE":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
            "readOnly":true,
            "title":"License",
            "type":"object"
        },
        "LOCAL_PASSWORD_MIN_DIGITS":{
            "description":"Minimum number of digit characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of digit characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_LENGTH":{
            "description":"Minimum number of characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_SPECIAL":{
            "description":"Minimum number of special characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of special characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_UPPER":{
            "description":"Minimum number of uppercase characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of uppercase characters in local password",
            "type":"integer"
        },
        "LOGIN_REDIRECT_OVERRIDE":{
            "description":"URL to which unauthorized users will be redirected to log in.  If blank, users will be sent to the login page.",
            "title":"Login redirect override URL",
            "type":"string"
        },
        "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB":{
            "default":"1",
            "description":"Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
            "minimum":"1",
            "title":"Maximum disk persistence for rsyslogd action queuing (in GB)",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ACTION_QUEUE_SIZE":{
            "default":"131072",
            "description":"Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).",
            "minimum":"1",
            "title":"Maximum number of messages that can be stored in the log action queue",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ENABLED":{
            "description":"Enable sending logs to external log aggregator.",
            "title":"Enable External Logging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_HOST":{
            "description":"Hostname/IP where external logs will be sent to.",
            "minLength":"1",
            "title":"Logging Aggregator",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_INDIVIDUAL_FACTS":{
            "description":"If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
            "title":"Log System Tracking Facts Individually",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_LEVEL":{
            "default":"INFO",
            "description":"Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
            "enum":[
                "DEBUG",
                "INFO",
                "WARNING",
                "ERROR",
                "CRITICAL"
            ],
            "title":"Logging Aggregator Level Threshold",
            "type":"string"
        },
        "LOG_AGGREGATOR_LOGGERS":{
            "default":[
                "awx",
                "activity_stream",
                "job_events",
                "system_tracking",
                "broadcast_websocket"
            ],
            "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH":{
            "default":"/var/lib/awx",
            "description":"Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
            "minLength":"1",
            "title":"File system location for rsyslogd disk persistence",
            "type":"string"
        },
        "LOG_AGGREGATOR_PASSWORD":{
            "description":"Password or authentication token for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Password/Token",
            "type":"string"
        },
        "LOG_AGGREGATOR_PORT":{
            "description":"Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
            "title":"Logging Aggregator Port",
            "type":"integer",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_PROTOCOL":{
            "default":"https",
            "description":"Protocol used to communicate with log aggregator.  HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
            "enum":[
                "https",
                "tcp",
                "udp"
            ],
            "title":"Logging Aggregator Protocol",
            "type":"string"
        },
        "LOG_AGGREGATOR_RSYSLOGD_DEBUG":{
            "description":"Enabled high verbosity debugging for rsyslogd.  Useful for debugging connection issues for external log aggregation.",
            "title":"Enable rsyslogd debugging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_TCP_TIMEOUT":{
            "default":"5",
            "description":"Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
            "title":"TCP Connection Timeout",
            "type":"integer"
        },
        "LOG_AGGREGATOR_TOWER_UUID":{
            "description":"Useful to uniquely identify instances.",
            "title":"Cluster-wide unique identifier.",
            "type":"string"
        },
        "LOG_AGGREGATOR_TYPE":{
            "description":"Format messages for the chosen log aggregator.",
            "enum":[
                "logstash",
                "splunk",
                "loggly",
                "sumologic",
                "other"
            ],
            "title":"Logging Aggregator Type",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_USERNAME":{
            "description":"Username for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Username",
            "type":"string"
        },
        "LOG_AGGREGATOR_VERIFY_CERT":{
            "default":true,
            "description":"Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
            "title":"Enable/disable HTTPS certificate verification",
            "type":"boolean"
        },
        "MANAGE_ORGANIZATION_AUTH":{
            "default":true,
            "description":"Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
            "title":"Organization Admins Can Manage Users and Teams",
            "type":"boolean"
        },
        "MAX_FORKS":{
            "default":"200",
            "description":"Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
            "title":"Maximum number of forks per job",
            "type":"integer"
        },
        "MAX_UI_JOB_EVENTS":{
            "default":"4000",
            "description":"Maximum number of job events for the UI to retrieve within a single request.",
            "minimum":"100",
            "title":"Max Job Events Retrieved by UI",
            "type":"integer"
        },
        "MAX_WEBSOCKET_EVENT_RATE":{
            "default":"30",
            "description":"Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
            "minimum":"0",
            "title":"Job Event Maximum Websocket Messages Per Second",
            "type":"integer"
        },
        "OAUTH2_PROVIDER":{
            "additionalProperties":{
                "minimum":"1",
                "type":"integer"
            },
            "default":{
                "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
                "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
                "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
            },
            "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
            "title":"OAuth 2 Timeout Settings",
            "type":"object"
        },
        "ORG_ADMINS_CAN_SEE_ALL_USERS":{
            "default":true,
            "description":"Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
            "title":"All Users Visible to Organization Admins",
            "type":"boolean"
        },
        "PENDO_TRACKING_STATE":{
            "default":"off",
            "description":"Enable or Disable User Analytics Tracking.",
            "enum":[
                "off",
                "anonymous",
                "detailed"
            ],
            "readOnly":true,
            "title":"User Analytics Tracking State",
            "type":"string"
        },
        "PROJECT_UPDATE_VVV":{
            "description":"Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
            "title":"Run Project Updates With Higher Verbosity",
            "type":"boolean"
        },
        "PROXY_IP_ALLOWED_LIST":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "RADIUS_PORT":{
            "default":"1812",
            "description":"Port of RADIUS server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"RADIUS Port",
            "type":"integer"
        },
        "RADIUS_SECRET":{
            "description":"Shared secret for authenticating to RADIUS server.",
            "title":"RADIUS Secret",
            "type":"string"
        },
        "RADIUS_SERVER":{
            "description":"Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
            "title":"RADIUS Server",
            "type":"string"
        },
        "RECEPTOR_NO_SIG":{
            "default":true,
            "description":"Indicates whether signatures for receptor work requests should be enforced.",
            "readOnly":true,
            "title":"Receptor no sig",
            "type":"boolean"
        },
        "RECEPTOR_RELEASE_WORK":{
            "default":true,
            "description":"Release receptor work",
            "title":"Release Receptor Work",
            "type":"boolean"
        },
        "REDHAT_PASSWORD":{
            "description":"This password is used to send data to Automation Analytics",
            "title":"Red Hat customer password",
            "type":"string"
        },
        "REDHAT_USERNAME":{
            "description":"This username is used to send data to Automation Analytics",
            "title":"Red Hat customer username",
            "type":"string"
        },
        "REMOTE_HOST_HEADERS":{
            "default":[
                "REMOTE_ADDR",
                "REMOTE_HOST"
            ],
            "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SAML_AUTO_CREATE_OBJECTS":{
            "default":true,
            "description":"When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
            "title":"Automatically Create Organizations and Teams on SAML Login",
            "type":"boolean"
        },
        "SCHEDULE_MAX_JOBS":{
            "default":"10",
            "description":"Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
            "minimum":"1",
            "title":"Maximum Scheduled Jobs",
            "type":"integer"
        },
        "SESSIONS_PER_USER":{
            "default":"-1",
            "description":"Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
            "minimum":"-1",
            "title":"Maximum number of simultaneous logged in sessions",
            "type":"integer"
        },
        "SESSION_COOKIE_AGE":{
            "default":"1800",
            "description":"Number of seconds that a user is inactive before they will need to login again.",
            "maximum":"30000000000",
            "minimum":"60",
            "title":"Idle Time Force Log Out",
            "type":"integer"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/azuread-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ",
            "minLength":"1",
            "readOnly":true,
            "title":"Azure AD OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY":{
            "description":"The OAuth2 key (Client ID) from your Azure AD application.",
            "title":"Azure AD OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Azure AD OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your Azure AD application.",
            "title":"Azure AD OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Azure AD OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME":{
            "description":"The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Enterprise Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID":{
            "description":"Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Enterprise Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub developer application.",
            "title":"GitHub OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_NAME":{
            "description":"The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub developer application.",
            "title":"GitHub OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ID":{
            "description":"Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
            "title":"Google OAuth2 Extra Arguments",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/google-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"Google OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY":{
            "description":"The OAuth2 key from your web application.",
            "title":"Google OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Google OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET":{
            "description":"The OAuth2 secret from your web application.",
            "title":"Google OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Google OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS":{
            "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SOCIAL_AUTH_OIDC_KEY":{
            "description":"The OIDC key (Client ID) from your IDP.",
            "minLength":"1",
            "title":"OIDC Key",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT":{
            "description":"The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
            "title":"OIDC Provider URL",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_SECRET":{
            "description":"The OIDC secret (Client Secret) from your IDP.",
            "title":"OIDC Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_VERIFY_SSL":{
            "default":true,
            "description":"Verify the OIDC provider ssl certificate.",
            "title":"Verify OIDC Provider Certificate",
            "type":"boolean"
        },
        "SOCIAL_AUTH_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Social Auth Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/saml/",
            "description":"Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Assertion Consumer Service (ACS) URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
            "title":"SAML Enabled Identity Providers",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_EXTRA_DATA":{
            "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_METADATA_URL":{
            "default":"https://olamhost/sso/metadata/saml/",
            "description":"If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Service Provider Metadata URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user organization membership.",
            "title":"SAML Organization Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"SAML Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORG_INFO":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Organization Info",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "requestedAuthnContext":false
            },
            "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
            "title":"SAML Security Config",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_ENTITY_ID":{
            "description":"The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
            "title":"SAML Service Provider Entity ID",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_EXTRA":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
            "title":"SAML Service Provider extra configuration data",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":{
            "description":"Create a keypair to use as a service provider (SP) and include the private key content here.",
            "title":"SAML Service Provider Private Key",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":{
            "description":"Create a keypair to use as a service provider (SP) and include the certificate content here.",
            "title":"SAML Service Provider Public Certificate",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Support Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TEAM_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user team membership.",
            "title":"SAML Team Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"SAML Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Technical Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to map super users and system auditors from SAML.",
            "title":"SAML User Flags Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Social Auth Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL":{
            "description":"Enabling this setting will tell social auth to use the full Email as username instead of the full name",
            "title":"Use Email address for usernames",
            "type":"boolean"
        },
        "SOCIAL_AUTH_USER_FIELDS":{
            "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array",
            "x-nullable":true
        },
        "STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1048576",
            "description":"Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
            "minimum":"0",
            "title":"Standard Output Maximum Display Size",
            "type":"integer"
        },
        "SUBSCRIPTIONS_PASSWORD":{
            "description":"This password is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite password",
            "type":"string"
        },
        "SUBSCRIPTIONS_USERNAME":{
            "description":"This username is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite username",
            "type":"string"
        },
        "SUBSCRIPTION_USAGE_MODEL":{
            "enum":[
                "",
                "unique_managed_hosts"
            ],
            "title":"Defines subscription usage model and shows Host Metrics",
            "type":"string"
        },
        "TACACSPLUS_AUTH_PROTOCOL":{
            "default":"ascii",
            "description":"Choose the authentication protocol used by TACACS+ client.",
            "enum":[
                "ascii",
                "pap"
            ],
            "title":"TACACS+ Authentication Protocol",
            "type":"string"
        },
        "TACACSPLUS_HOST":{
            "description":"Hostname of TACACS+ server.",
            "title":"TACACS+ Server",
            "type":"string"
        },
        "TACACSPLUS_PORT":{
            "default":"49",
            "description":"Port number of TACACS+ server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"TACACS+ Port",
            "type":"integer"
        },
        "TACACSPLUS_REM_ADDR":{
            "description":"Enable the client address sending by TACACS+ client.",
            "title":"TACACS+ client address sending enabled",
            "type":"boolean"
        },
        "TACACSPLUS_SECRET":{
            "description":"Shared secret for authenticating to TACACS+ server.",
            "title":"TACACS+ Secret",
            "type":"string"
        },
        "TACACSPLUS_SESSION_TIMEOUT":{
            "default":"5",
            "description":"TACACS+ session timeout value in seconds, 0 disables timeout.",
            "minimum":"0",
            "title":"TACACS+ Auth Session Timeout",
            "type":"integer"
        },
        "TOWER_URL_BASE":{
            "default":"https://olamhost",
            "description":"This setting is used by services like notifications to render a valid url to the service.",
            "minLength":"1",
            "title":"Base URL of the service",
            "type":"string"
        },
        "UI_LIVE_UPDATES_ENABLED":{
            "default":true,
            "description":"If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
            "title":"Enable Live Updates in the UI",
            "type":"boolean"
        },
        "UI_NEXT":{
            "description":"Enable preview of new user interface.",
            "title":"Enable Preview of New User Interface",
            "type":"boolean"
        }
    },
    "required":[
        "ACTIVITY_STREAM_ENABLED",
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC",
        "ORG_ADMINS_CAN_SEE_ALL_USERS",
        "MANAGE_ORGANIZATION_AUTH",
        "TOWER_URL_BASE",
        "REMOTE_HOST_HEADERS",
        "PROXY_IP_ALLOWED_LIST",
        "ALLOW_JINJA_IN_EXTRA_VARS",
        "AWX_ISOLATION_BASE_PATH",
        "AWX_RUNNER_KEEPALIVE_SECONDS",
        "GALAXY_TASK_ENV",
        "PROJECT_UPDATE_VVV",
        "STDOUT_MAX_BYTES_DISPLAY",
        "EVENT_STDOUT_MAX_BYTES_DISPLAY",
        "SCHEDULE_MAX_JOBS",
        "AUTOMATION_ANALYTICS_LAST_GATHER",
        "CLEANUP_HOST_METRICS_LAST_TS",
        "HOST_METRIC_SUMMARY_TASK_LAST_TS",
        "SESSION_COOKIE_AGE",
        "SESSIONS_PER_USER",
        "DISABLE_LOCAL_AUTH",
        "AUTH_BASIC_ENABLED",
        "MAX_UI_JOB_EVENTS",
        "UI_LIVE_UPDATES_ENABLED",
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT",
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY",
        "SOCIAL_AUTH_SAML_ORG_INFO",
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT",
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT"
    ],
    "type":"object"
}

Nested Schema : AD_HOC_COMMANDS

Type: array

List of modules allowed to be used by ad-hoc jobs.

Default Value:

[
    "command",
    "shell",
    "yum",
    "apt",
    "apt_key",
    "apt_repository",
    "apt_rpm",
    "service",
    "group",
    "user",
    "mount",
    "ping",
    "selinux",
    "setup",
    "win_ping",
    "win_service",
    "win_updates",
    "win_group",
    "win_user"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "command",
        "shell",
        "yum",
        "apt",
        "apt_key",
        "apt_repository",
        "apt_rpm",
        "service",
        "group",
        "user",
        "mount",
        "ping",
        "selinux",
        "setup",
        "win_ping",
        "win_service",
        "win_updates",
        "win_group",
        "win_user"
    ],
    "description":"List of modules allowed to be used by ad-hoc jobs.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_1_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_1_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_2_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_2_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_3_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_3_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_4_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_4_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_5_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_5_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Connection Options

Type: object

Title: LDAP Connection Options

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

Default Value:

{
    "OPT_NETWORK_TIMEOUT":"30",
    "OPT_REFERRALS":"0"
}

Nested Schema : AUTH_LDAP_GROUP_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : LDAP Group Type Parameters

Type: object

Title: LDAP Group Type Parameters

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

Key value parameters to send the chosen group type init method.

Default Value:

{
    "member_attr":"member",
    "name_attr":"cn"
}

Nested Schema : LDAP Organization Map

Type: object

Title: LDAP Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

Nested Schema : LDAP Team Map

Type: object

Title: LDAP Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : LDAP User Attribute Map

Type: object

Title: LDAP User Attribute Map

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

Nested Schema : LDAP User Flags By Group

Type: object

Title: LDAP User Flags By Group

Additional Properties Allowed

Show Source

array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_USER_SEARCH

Type: array

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

Nested Schema : AUTHENTICATION_BACKENDS

Type: array

Read Only: true

List of authentication backends that are enabled based on license features and other authentication settings.

Default Value:

[
    "awx.sso.backends.TACACSPlusBackend",
    "awx.main.backends.AWXModelBackend"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "awx.sso.backends.TACACSPlusBackend",
        "awx.main.backends.AWXModelBackend"
    ],
    "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "readOnly":true,
    "type":"array"
}

Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS

Type: array

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AWX_ISOLATION_SHOW_PATHS

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Extra Environment Variables

Type: object

Title: Extra Environment Variables

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
    "title":"Extra Environment Variables",
    "type":"object"
}

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.

Nested Schema : CSRF_TRUSTED_ORIGINS

Type: array

If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : CUSTOM_VENV_PATHS

Type: array

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : DEFAULT_CONTAINER_RUN_OPTIONS

Type: array

List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']

Default Value:

[
    "--network",
    "slirp4netns:enable_ipv6=true"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "--network",
        "slirp4netns:enable_ipv6=true"
    ],
    "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Environment Variables for Galaxy Commands

Type: object

Title: Environment Variables for Galaxy Commands

Additional Properties Allowed

Show Source

string

Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "default":{
        "ANSIBLE_FORCE_COLOR":"false",
        "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
    },
    "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
    "title":"Environment Variables for Galaxy Commands",
    "type":"object"
}

Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.

Default Value:

{
    "ANSIBLE_FORCE_COLOR":"false",
    "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
}

Nested Schema : License

Type: object

Title: License

Read Only: true

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
    "readOnly":true,
    "title":"License",
    "type":"object"
}

The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.

Nested Schema : LOG_AGGREGATOR_LOGGERS

Type: array

Default Value:

[
    "awx",
    "activity_stream",
    "job_events",
    "system_tracking",
    "broadcast_websocket"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "awx",
        "activity_stream",
        "job_events",
        "system_tracking",
        "broadcast_websocket"
    ],
    "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : OAuth 2 Timeout Settings

Type: object

Title: OAuth 2 Timeout Settings

Additional Properties Allowed

Show Source

integer

Minimum Value: 1

{
    "additionalProperties":{
        "minimum":"1",
        "type":"integer"
    },
    "default":{
        "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
        "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
        "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
    },
    "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
    "title":"OAuth 2 Timeout Settings",
    "type":"object"
}

Default Value:

{
    "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
    "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
    "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
}

Nested Schema : PROXY_IP_ALLOWED_LIST

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : REMOTE_HOST_HEADERS

Type: array

Default Value:

[
    "REMOTE_ADDR",
    "REMOTE_HOST"
]

Show Source

Array of: string

Minimum Length: 1

{
    "default":[
        "REMOTE_ADDR",
        "REMOTE_HOST"
    ],
    "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Azure AD OAuth2 Organization Map

Type: object

Title: Azure AD OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Azure AD OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : Azure AD OAuth2 Team Map

Type: object

Title: Azure AD OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Azure AD OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise Organization OAuth2 Organization Map

Type: object

Title: GitHub Enterprise Organization OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise Organization OAuth2 Team Map

Type: object

Title: GitHub Enterprise Organization OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise OAuth2 Organization Map

Type: object

Title: GitHub Enterprise OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise OAuth2 Team Map

Type: object

Title: GitHub Enterprise OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Enterprise Team OAuth2 Organization Map

Type: object

Title: GitHub Enterprise Team OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Enterprise Team OAuth2 Team Map

Type: object

Title: GitHub Enterprise Team OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Organization OAuth2 Organization Map

Type: object

Title: GitHub Organization OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Organization OAuth2 Team Map

Type: object

Title: GitHub Organization OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub OAuth2 Organization Map

Type: object

Title: GitHub OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub OAuth2 Team Map

Type: object

Title: GitHub OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : GitHub Team OAuth2 Organization Map

Type: object

Title: GitHub Team OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : GitHub Team OAuth2 Team Map

Type: object

Title: GitHub Team OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : Google OAuth2 Extra Arguments

Type: object

Title: Google OAuth2 Extra Arguments

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
    "title":"Google OAuth2 Extra Arguments",
    "type":"object"
}

Nested Schema : Google OAuth2 Organization Map

Type: object

Title: Google OAuth2 Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Google OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : Google OAuth2 Team Map

Type: object

Title: Google OAuth2 Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Google OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Type: array

Update this setting to restrict the domains who are allowed to login using Google OAuth2.

Show Source

Array of: string

Minimum Length: 1

{
    "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : Social Auth Organization Map

Type: object

Title: Social Auth Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Social Auth Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : SAML Enabled Identity Providers

Type: object

Title: SAML Enabled Identity Providers

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
    "title":"SAML Enabled Identity Providers",
    "type":"object"
}

Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA

Type: array

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.

Show Source

Array of: string

{
    "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array",
    "x-nullable":true
}

Nested Schema : SAML Service Provider Organization Info

Type: object

Title: SAML Service Provider Organization Info

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Organization Info",
    "type":"object"
}

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.

Nested Schema : SAML Organization Attribute Mapping

Type: object

Title: SAML Organization Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user organization membership.",
    "title":"SAML Organization Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to translate user organization membership.

Nested Schema : SAML Organization Map

Type: object

Title: SAML Organization Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"SAML Organization Map",
    "type":"object",
    "x-nullable":true
}

Nested Schema : SAML Security Config

Type: object

Title: SAML Security Config

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "requestedAuthnContext":false
    },
    "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
    "title":"SAML Security Config",
    "type":"object",
    "x-nullable":true
}

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings

Default Value:

{
    "requestedAuthnContext":false
}

Nested Schema : SAML Service Provider extra configuration data

Type: object

Title: SAML Service Provider extra configuration data

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
    "title":"SAML Service Provider extra configuration data",
    "type":"object",
    "x-nullable":true
}

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.

Nested Schema : SAML Service Provider Support Contact

Type: object

Title: SAML Service Provider Support Contact

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Support Contact",
    "type":"object"
}

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SAML Team Attribute Mapping

Type: object

Title: SAML Team Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user team membership.",
    "title":"SAML Team Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to translate user team membership.

Nested Schema : SAML Team Map

Type: object

Title: SAML Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"SAML Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SAML Service Provider Technical Contact

Type: object

Title: SAML Service Provider Technical Contact

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Technical Contact",
    "type":"object"
}

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SAML User Flags Attribute Mapping

Type: object

Title: SAML User Flags Attribute Mapping

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to map super users and system auditors from SAML.",
    "title":"SAML User Flags Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

Used to map super users and system auditors from SAML.

Nested Schema : Social Auth Team Map

Type: object

Title: Social Auth Team Map

Additional Properties Allowed

Show Source

object additionalProperties

Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Social Auth Team Map",
    "type":"object",
    "x-nullable":true
}

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_USER_FIELDS

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array",
    "x-nullable":true
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: array

Show Source

Array of: string

Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

Nested Schema : additionalProperties

Type: object

Additional Properties Allowed

Show Source

string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}