Oracle Linux Automation Manager CLI and API Reference Guide

Root Schema : schema

Type: object

Show Source

ACTIVITY_STREAM_ENABLED: boolean

Enable capturing activity for the activity stream.
ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: boolean

Enable capturing activity for the activity stream when running inventory sync.
AD_HOC_COMMANDS(optional): array AD_HOC_COMMANDS

List of modules allowed to be used by ad-hoc jobs.
ALLOW_JINJA_IN_EXTRA_VARS: string

Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
ALLOW_OAUTH2_FOR_EXTERNAL_USERS(optional): boolean

For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
ANSIBLE_FACT_CACHE_TIMEOUT(optional): integer

Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
API_400_ERROR_LOG_FORMAT(optional): string

The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
AUTH_BASIC_ENABLED: boolean

Enable HTTP Basic Auth for the API Browser.
AUTH_LDAP_1_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_1_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_1_CONNECTION_OPTIONS(optional): object AUTH_LDAP_1_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_1_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_1_GROUP_SEARCH(optional): array AUTH_LDAP_1_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_1_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_1_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_1_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_1_ORGANIZATION_MAP(optional): object AUTH_LDAP_1_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_1_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_1_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_1_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_1_TEAM_MAP(optional): object AUTH_LDAP_1_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_1_USER_ATTR_MAP(optional): object AUTH_LDAP_1_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_1_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_1_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_1_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_1_USER_SEARCH(optional): array AUTH_LDAP_1_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_2_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_2_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_2_CONNECTION_OPTIONS(optional): object AUTH_LDAP_2_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_2_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_2_GROUP_SEARCH(optional): array AUTH_LDAP_2_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_2_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_2_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_2_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_2_ORGANIZATION_MAP(optional): object AUTH_LDAP_2_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_2_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_2_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_2_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_2_TEAM_MAP(optional): object AUTH_LDAP_2_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_2_USER_ATTR_MAP(optional): object AUTH_LDAP_2_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_2_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_2_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_2_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_2_USER_SEARCH(optional): array AUTH_LDAP_2_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_3_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_3_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_3_CONNECTION_OPTIONS(optional): object AUTH_LDAP_3_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_3_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_3_GROUP_SEARCH(optional): array AUTH_LDAP_3_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_3_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_3_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_3_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_3_ORGANIZATION_MAP(optional): object AUTH_LDAP_3_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_3_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_3_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_3_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_3_TEAM_MAP(optional): object AUTH_LDAP_3_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_3_USER_ATTR_MAP(optional): object AUTH_LDAP_3_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_3_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_3_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_3_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_3_USER_SEARCH(optional): array AUTH_LDAP_3_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_4_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_4_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_4_CONNECTION_OPTIONS(optional): object AUTH_LDAP_4_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_4_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_4_GROUP_SEARCH(optional): array AUTH_LDAP_4_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_4_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_4_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_4_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_4_ORGANIZATION_MAP(optional): object AUTH_LDAP_4_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_4_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_4_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_4_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_4_TEAM_MAP(optional): object AUTH_LDAP_4_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_4_USER_ATTR_MAP(optional): object AUTH_LDAP_4_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_4_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_4_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_4_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_4_USER_SEARCH(optional): array AUTH_LDAP_4_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_5_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_5_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_5_CONNECTION_OPTIONS(optional): object AUTH_LDAP_5_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_5_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_5_GROUP_SEARCH(optional): array AUTH_LDAP_5_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_5_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_5_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_5_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_5_ORGANIZATION_MAP(optional): object AUTH_LDAP_5_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_5_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_5_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_5_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_5_TEAM_MAP(optional): object AUTH_LDAP_5_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_5_USER_ATTR_MAP(optional): object AUTH_LDAP_5_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_5_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_5_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_5_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_5_USER_SEARCH(optional): array AUTH_LDAP_5_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTH_LDAP_BIND_DN(optional): string

DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
AUTH_LDAP_BIND_PASSWORD(optional): string

Password used to bind LDAP user account.
AUTH_LDAP_CONNECTION_OPTIONS(optional): object AUTH_LDAP_CONNECTION_OPTIONS

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
AUTH_LDAP_DENY_GROUP(optional): string

Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
AUTH_LDAP_GROUP_SEARCH(optional): array AUTH_LDAP_GROUP_SEARCH

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
AUTH_LDAP_GROUP_TYPE(optional): string

The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
AUTH_LDAP_GROUP_TYPE_PARAMS(optional): object AUTH_LDAP_GROUP_TYPE_PARAMS

Key value parameters to send the chosen group type init method.
AUTH_LDAP_ORGANIZATION_MAP(optional): object AUTH_LDAP_ORGANIZATION_MAP

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
AUTH_LDAP_REQUIRE_GROUP(optional): string

Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
AUTH_LDAP_SERVER_URI(optional): string

URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
AUTH_LDAP_START_TLS(optional): boolean

Whether to enable TLS when the LDAP connection is not using SSL.
AUTH_LDAP_TEAM_MAP(optional): object AUTH_LDAP_TEAM_MAP

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
AUTH_LDAP_USER_ATTR_MAP(optional): object AUTH_LDAP_USER_ATTR_MAP

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
AUTH_LDAP_USER_DN_TEMPLATE(optional): string

Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_USER_FLAGS_BY_GROUP(optional): object AUTH_LDAP_USER_FLAGS_BY_GROUP

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
AUTH_LDAP_USER_SEARCH(optional): array AUTH_LDAP_USER_SEARCH

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
AUTOMATION_ANALYTICS_GATHER_INTERVAL(optional): integer

Interval (in seconds) between data gathering.
AUTOMATION_ANALYTICS_LAST_ENTRIES(optional): string
AUTOMATION_ANALYTICS_LAST_GATHER: string
AUTOMATION_ANALYTICS_URL(optional): string

This setting is used to to configure the upload URL for data collection for Red Hat Insights.
AWX_ANSIBLE_CALLBACK_PLUGINS(optional): array AWX_ANSIBLE_CALLBACK_PLUGINS

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
AWX_COLLECTIONS_ENABLED(optional): boolean

Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_ISOLATION_BASE_PATH: string

The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
AWX_ISOLATION_SHOW_PATHS(optional): array AWX_ISOLATION_SHOW_PATHS

List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.
AWX_ROLES_ENABLED(optional): boolean

Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
AWX_SHOW_PLAYBOOK_LINKS(optional): boolean

Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.
AWX_TASK_ENV(optional): object AWX_TASK_ENV

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
CUSTOM_LOGIN_INFO(optional): string

If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
CUSTOM_LOGO(optional): string

To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
CUSTOM_VENV_PATHS(optional): array CUSTOM_VENV_PATHS

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
DEFAULT_EXECUTION_ENVIRONMENT(optional): integer

The Execution Environment to be used when one has not been configured for a job template.
DEFAULT_INVENTORY_UPDATE_TIMEOUT(optional): integer

Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
DEFAULT_JOB_IDLE_TIMEOUT(optional): integer

If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to used default idle_timeout is 600s.
DEFAULT_JOB_TIMEOUT(optional): integer

Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
DEFAULT_PROJECT_UPDATE_TIMEOUT(optional): integer

Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
DISABLE_LOCAL_AUTH: boolean

Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
EVENT_STDOUT_MAX_BYTES_DISPLAY: integer

Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
GALAXY_IGNORE_CERTS(optional): boolean

If set to true, certificate validation will not be done when installing content from any Galaxy server.
INSIGHTS_TRACKING_STATE(optional): boolean

Enables the service to gather data on automation and send it to Red Hat Insights.
LOG_AGGREGATOR_ENABLED(optional): boolean

Enable sending logs to external log aggregator.
LOG_AGGREGATOR_HOST(optional): string

Hostname/IP where external logs will be sent to.
LOG_AGGREGATOR_INDIVIDUAL_FACTS(optional): boolean

If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
LOG_AGGREGATOR_LEVEL(optional): string

Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
LOG_AGGREGATOR_LOGGERS(optional): array LOG_AGGREGATOR_LOGGERS

List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs.
LOG_AGGREGATOR_MAX_DISK_USAGE_GB(optional): integer

Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.
LOG_AGGREGATOR_MAX_DISK_USAGE_PATH(optional): string

Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
LOG_AGGREGATOR_PASSWORD(optional): string

Password or authentication token for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_PORT(optional): integer

Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
LOG_AGGREGATOR_PROTOCOL(optional): string

Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
LOG_AGGREGATOR_RSYSLOGD_DEBUG(optional): boolean

Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
LOG_AGGREGATOR_TCP_TIMEOUT(optional): integer

Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
LOG_AGGREGATOR_TOWER_UUID(optional): string

Useful to uniquely identify instances.
LOG_AGGREGATOR_TYPE(optional): string

Format messages for the chosen log aggregator.
LOG_AGGREGATOR_USERNAME(optional): string

Username for external log aggregator (if required; HTTP/s only).
LOG_AGGREGATOR_VERIFY_CERT(optional): boolean

Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
LOGIN_REDIRECT_OVERRIDE(optional): string

URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
MANAGE_ORGANIZATION_AUTH: boolean

Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
MAX_FORKS(optional): integer

Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
MAX_UI_JOB_EVENTS: integer

Maximum number of job events for the UI to retrieve within a single request.
MAX_WEBSOCKET_EVENT_RATE(optional): integer

Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
OAUTH2_PROVIDER(optional): object OAUTH2_PROVIDER

Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
ORG_ADMINS_CAN_SEE_ALL_USERS: boolean

Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
PROJECT_UPDATE_VVV: boolean

Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
PROXY_IP_ALLOWED_LIST: array PROXY_IP_ALLOWED_LIST

If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
RADIUS_PORT(optional): integer

Port of RADIUS server.
RADIUS_SECRET(optional): string

Shared secret for authenticating to RADIUS server.
RADIUS_SERVER(optional): string

Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
REDHAT_PASSWORD(optional): string

This password is used to send data to Insights for Ansible Automation Platform
REDHAT_USERNAME(optional): string

This username is used to send data to Insights for Ansible Automation Platform
REMOTE_HOST_HEADERS: array REMOTE_HOST_HEADERS

HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the Adminstrator guide for more details.
SAML_AUTO_CREATE_OBJECTS(optional): boolean

When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
SCHEDULE_MAX_JOBS: integer

Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
SESSION_COOKIE_AGE: integer

Number of seconds that a user is inactive before they will need to login again.
SESSIONS_PER_USER: integer

Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY(optional): string

The OAuth2 key (Client ID) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET(optional): string

The OAuth2 secret (Client Secret) from your Azure AD application.
SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP(optional): object SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL(optional): string

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL(optional): string

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME(optional): string

The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL(optional): string

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL(optional): string

The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID(optional): string

Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL(optional): string

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_ENTERPRISE_URL(optional): string

The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
SOCIAL_AUTH_GITHUB_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_ORG_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_NAME(optional): string

The name of your GitHub organization, as used in your organization's URL: https://github.com//.
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORG_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub developer application.
SOCIAL_AUTH_GITHUB_TEAM_ID(optional): string

Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
SOCIAL_AUTH_GITHUB_TEAM_KEY(optional): string

The OAuth2 key (Client ID) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GITHUB_TEAM_SECRET(optional): string

The OAuth2 secret (Client Secret) from your GitHub organization application.
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP(optional): object SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS(optional): object SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS

Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY(optional): string

The OAuth2 key from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET(optional): string

The OAuth2 secret from your web application.
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP(optional): object SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS(optional): array SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Update this setting to restrict the domains who are allowed to login using Google OAuth2.
SOCIAL_AUTH_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_ENABLED_IDPS(optional): object SOCIAL_AUTH_SAML_ENABLED_IDPS

Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
SOCIAL_AUTH_SAML_EXTRA_DATA(optional): array SOCIAL_AUTH_SAML_EXTRA_DATA

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
SOCIAL_AUTH_SAML_ORG_INFO: object SOCIAL_AUTH_SAML_ORG_INFO

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR(optional): object SOCIAL_AUTH_SAML_ORGANIZATION_ATTR

Used to translate user organization membership.
SOCIAL_AUTH_SAML_ORGANIZATION_MAP(optional): object SOCIAL_AUTH_SAML_ORGANIZATION_MAP

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_SECURITY_CONFIG(optional): object SOCIAL_AUTH_SAML_SECURITY_CONFIG

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
SOCIAL_AUTH_SAML_SP_ENTITY_ID(optional): string

The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
SOCIAL_AUTH_SAML_SP_EXTRA(optional): object SOCIAL_AUTH_SAML_SP_EXTRA

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: string

Create a keypair to use as a service provider (SP) and include the private key content here.
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: string

Create a keypair to use as a service provider (SP) and include the certificate content here.
SOCIAL_AUTH_SAML_SUPPORT_CONTACT: object SOCIAL_AUTH_SAML_SUPPORT_CONTACT

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_TEAM_ATTR(optional): object SOCIAL_AUTH_SAML_TEAM_ATTR

Used to translate user team membership.
SOCIAL_AUTH_SAML_TEAM_MAP(optional): object SOCIAL_AUTH_SAML_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: object SOCIAL_AUTH_SAML_TECHNICAL_CONTACT

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR(optional): object SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR

Used to map super users and system auditors from SAML.
SOCIAL_AUTH_TEAM_MAP(optional): object SOCIAL_AUTH_TEAM_MAP

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
SOCIAL_AUTH_USER_FIELDS(optional): array SOCIAL_AUTH_USER_FIELDS

When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
STDOUT_MAX_BYTES_DISPLAY: integer

Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
SUBSCRIPTIONS_PASSWORD(optional): string

This password is used to retrieve subscription and content information
SUBSCRIPTIONS_USERNAME(optional): string

This username is used to retrieve subscription and content information
TACACSPLUS_AUTH_PROTOCOL(optional): string

Choose the authentication protocol used by TACACS+ client.
TACACSPLUS_HOST(optional): string

Hostname of TACACS+ server.
TACACSPLUS_PORT(optional): integer

Port number of TACACS+ server.
TACACSPLUS_SECRET(optional): string

Shared secret for authenticating to TACACS+ server.
TACACSPLUS_SESSION_TIMEOUT(optional): integer

TACACS+ session timeout value in seconds, 0 disables timeout.
TOWER_URL_BASE: string

This setting is used by services like notifications to render a valid url to the service.
UI_LIVE_UPDATES_ENABLED: boolean

If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.

{
    "properties":{
        "ACTIVITY_STREAM_ENABLED":{
            "description":"Enable capturing activity for the activity stream.",
            "type":"boolean"
        },
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC":{
            "description":"Enable capturing activity for the activity stream when running inventory sync.",
            "type":"boolean"
        },
        "AD_HOC_COMMANDS":{
            "description":"List of modules allowed to be used by ad-hoc jobs.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "ALLOW_JINJA_IN_EXTRA_VARS":{
            "description":"Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.  It is recommended that this value be set to \"template\" or \"never\".",
            "type":"string"
        },
        "ALLOW_OAUTH2_FOR_EXTERNAL_USERS":{
            "description":"For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
            "type":"boolean"
        },
        "ANSIBLE_FACT_CACHE_TIMEOUT":{
            "description":"Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
            "type":"integer"
        },
        "API_400_ERROR_LOG_FORMAT":{
            "description":"The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {<variable name>}.",
            "type":"string"
        },
        "AUTH_BASIC_ENABLED":{
            "description":"Enable HTTP Basic Auth for the API Browser.",
            "type":"boolean"
        },
        "AUTH_LDAP_1_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_1_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_1_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_1_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_1_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_1_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_1_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_1_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_1_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_1_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_1_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_1_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_1_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_2_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_2_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_2_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_2_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_2_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_2_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_2_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_2_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_2_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_2_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_2_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_2_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_2_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_3_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_3_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_3_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_3_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_3_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_3_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_3_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_3_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_3_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_3_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_3_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_3_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_3_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_4_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_4_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_4_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_4_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_4_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_4_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_4_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_4_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_4_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_4_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_4_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_4_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_4_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_5_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_5_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_5_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_5_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_5_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_5_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_5_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_5_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_5_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_5_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_5_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_5_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_5_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "type":"string"
        },
        "AUTH_LDAP_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "type":"string"
        },
        "AUTH_LDAP_CONNECTION_OPTIONS":{
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "type":"object"
        },
        "AUTH_LDAP_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTH_LDAP_GROUP_TYPE":{
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "type":"string"
        },
        "AUTH_LDAP_GROUP_TYPE_PARAMS":{
            "description":"Key value parameters to send the chosen group type init method.",
            "type":"object"
        },
        "AUTH_LDAP_ORGANIZATION_MAP":{
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "type":"string"
        },
        "AUTH_LDAP_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "type":"string"
        },
        "AUTH_LDAP_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "type":"boolean"
        },
        "AUTH_LDAP_TEAM_MAP":{
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "type":"object"
        },
        "AUTH_LDAP_USER_ATTR_MAP":{
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "type":"object"
        },
        "AUTH_LDAP_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "type":"string"
        },
        "AUTH_LDAP_USER_FLAGS_BY_GROUP":{
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "type":"object"
        },
        "AUTH_LDAP_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AUTOMATION_ANALYTICS_GATHER_INTERVAL":{
            "description":"Interval (in seconds) between data gathering.",
            "type":"integer"
        },
        "AUTOMATION_ANALYTICS_LAST_ENTRIES":{
            "description":"",
            "type":"string"
        },
        "AUTOMATION_ANALYTICS_LAST_GATHER":{
            "description":"",
            "type":"string"
        },
        "AUTOMATION_ANALYTICS_URL":{
            "description":"This setting is used to to configure the upload URL for data collection for Red Hat Insights.",
            "type":"string"
        },
        "AWX_ANSIBLE_CALLBACK_PLUGINS":{
            "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AWX_COLLECTIONS_ENABLED":{
            "description":"Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "type":"boolean"
        },
        "AWX_ISOLATION_BASE_PATH":{
            "description":"The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
            "type":"string"
        },
        "AWX_ISOLATION_SHOW_PATHS":{
            "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "AWX_ROLES_ENABLED":{
            "description":"Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "type":"boolean"
        },
        "AWX_SHOW_PLAYBOOK_LINKS":{
            "description":"Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
            "type":"boolean"
        },
        "AWX_TASK_ENV":{
            "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
            "type":"object"
        },
        "CUSTOM_LOGIN_INFO":{
            "description":"If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
            "type":"string"
        },
        "CUSTOM_LOGO":{
            "description":"To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
            "type":"string"
        },
        "CUSTOM_VENV_PATHS":{
            "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_EXECUTION_ENVIRONMENT":{
            "description":"The Execution Environment to be used when one has not been configured for a job template.",
            "type":"integer"
        },
        "DEFAULT_INVENTORY_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
            "type":"integer"
        },
        "DEFAULT_JOB_IDLE_TIMEOUT":{
            "description":"If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to used default idle_timeout is 600s.",
            "type":"integer"
        },
        "DEFAULT_JOB_TIMEOUT":{
            "description":"Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
            "type":"integer"
        },
        "DEFAULT_PROJECT_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
            "type":"integer"
        },
        "DISABLE_LOCAL_AUTH":{
            "description":"Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
            "type":"boolean"
        },
        "EVENT_STDOUT_MAX_BYTES_DISPLAY":{
            "description":"Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.",
            "type":"integer"
        },
        "GALAXY_IGNORE_CERTS":{
            "description":"If set to true, certificate validation will not be done when installing content from any Galaxy server.",
            "type":"boolean"
        },
        "INSIGHTS_TRACKING_STATE":{
            "description":"Enables the service to gather data on automation and send it to Red Hat Insights.",
            "type":"boolean"
        },
        "LOGIN_REDIRECT_OVERRIDE":{
            "description":"URL to which unauthorized users will be redirected to log in.  If blank, users will be sent to the login page.",
            "type":"string"
        },
        "LOG_AGGREGATOR_ENABLED":{
            "description":"Enable sending logs to external log aggregator.",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_HOST":{
            "description":"Hostname/IP where external logs will be sent to.",
            "type":"string"
        },
        "LOG_AGGREGATOR_INDIVIDUAL_FACTS":{
            "description":"If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_LEVEL":{
            "description":"Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
            "type":"string"
        },
        "LOG_AGGREGATOR_LOGGERS":{
            "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "LOG_AGGREGATOR_MAX_DISK_USAGE_GB":{
            "description":"Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.",
            "type":"integer"
        },
        "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH":{
            "description":"Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
            "type":"string"
        },
        "LOG_AGGREGATOR_PASSWORD":{
            "description":"Password or authentication token for external log aggregator (if required; HTTP/s only).",
            "type":"string"
        },
        "LOG_AGGREGATOR_PORT":{
            "description":"Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
            "type":"integer"
        },
        "LOG_AGGREGATOR_PROTOCOL":{
            "description":"Protocol used to communicate with log aggregator.  HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
            "type":"string"
        },
        "LOG_AGGREGATOR_RSYSLOGD_DEBUG":{
            "description":"Enabled high verbosity debugging for rsyslogd.  Useful for debugging connection issues for external log aggregation.",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_TCP_TIMEOUT":{
            "description":"Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
            "type":"integer"
        },
        "LOG_AGGREGATOR_TOWER_UUID":{
            "description":"Useful to uniquely identify instances.",
            "type":"string"
        },
        "LOG_AGGREGATOR_TYPE":{
            "description":"Format messages for the chosen log aggregator.",
            "type":"string"
        },
        "LOG_AGGREGATOR_USERNAME":{
            "description":"Username for external log aggregator (if required; HTTP/s only).",
            "type":"string"
        },
        "LOG_AGGREGATOR_VERIFY_CERT":{
            "description":"Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
            "type":"boolean"
        },
        "MANAGE_ORGANIZATION_AUTH":{
            "description":"Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
            "type":"boolean"
        },
        "MAX_FORKS":{
            "description":"Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
            "type":"integer"
        },
        "MAX_UI_JOB_EVENTS":{
            "description":"Maximum number of job events for the UI to retrieve within a single request.",
            "type":"integer"
        },
        "MAX_WEBSOCKET_EVENT_RATE":{
            "description":"Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
            "type":"integer"
        },
        "OAUTH2_PROVIDER":{
            "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
            "type":"object"
        },
        "ORG_ADMINS_CAN_SEE_ALL_USERS":{
            "description":"Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
            "type":"boolean"
        },
        "PROJECT_UPDATE_VVV":{
            "description":"Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
            "type":"boolean"
        },
        "PROXY_IP_ALLOWED_LIST":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "RADIUS_PORT":{
            "description":"Port of RADIUS server.",
            "type":"integer"
        },
        "RADIUS_SECRET":{
            "description":"Shared secret for authenticating to RADIUS server.",
            "type":"string"
        },
        "RADIUS_SERVER":{
            "description":"Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
            "type":"string"
        },
        "REDHAT_PASSWORD":{
            "description":"This password is used to send data to Insights for Ansible Automation Platform",
            "type":"string"
        },
        "REDHAT_USERNAME":{
            "description":"This username is used to send data to Insights for Ansible Automation Platform",
            "type":"string"
        },
        "REMOTE_HOST_HEADERS":{
            "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "SAML_AUTO_CREATE_OBJECTS":{
            "description":"When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
            "type":"boolean"
        },
        "SCHEDULE_MAX_JOBS":{
            "description":"Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
            "type":"integer"
        },
        "SESSIONS_PER_USER":{
            "description":"Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
            "type":"integer"
        },
        "SESSION_COOKIE_AGE":{
            "description":"Number of seconds that a user is inactive before they will need to login again.",
            "type":"integer"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY":{
            "description":"The OAuth2 key (Client ID) from your Azure AD application.",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your Azure AD application.",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME":{
            "description":"The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID":{
            "description":"Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub developer application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_NAME":{
            "description":"The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub developer application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ID":{
            "description":"Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS":{
            "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY":{
            "description":"The OAuth2 key from your web application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET":{
            "description":"The OAuth2 secret from your web application.",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS":{
            "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "SOCIAL_AUTH_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
            "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_EXTRA_DATA":{
            "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{
            "description":"Used to translate user organization membership.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":{
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_ORG_INFO":{
            "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{
            "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SP_ENTITY_ID":{
            "description":"The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_EXTRA":{
            "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":{
            "description":"Create a keypair to use as a service provider (SP) and include the private key content here.",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":{
            "description":"Create a keypair to use as a service provider (SP) and include the certificate content here.",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{
            "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TEAM_ATTR":{
            "description":"Used to translate user team membership.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{
            "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{
            "description":"Used to map super users and system auditors from SAML.",
            "type":"object"
        },
        "SOCIAL_AUTH_TEAM_MAP":{
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "type":"object"
        },
        "SOCIAL_AUTH_USER_FIELDS":{
            "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
            "items":{
                "type":"string"
            },
            "type":"array"
        },
        "STDOUT_MAX_BYTES_DISPLAY":{
            "description":"Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
            "type":"integer"
        },
        "SUBSCRIPTIONS_PASSWORD":{
            "description":"This password is used to retrieve subscription and content information",
            "type":"string"
        },
        "SUBSCRIPTIONS_USERNAME":{
            "description":"This username is used to retrieve subscription and content information",
            "type":"string"
        },
        "TACACSPLUS_AUTH_PROTOCOL":{
            "description":"Choose the authentication protocol used by TACACS+ client.",
            "type":"string"
        },
        "TACACSPLUS_HOST":{
            "description":"Hostname of TACACS+ server.",
            "type":"string"
        },
        "TACACSPLUS_PORT":{
            "description":"Port number of TACACS+ server.",
            "type":"integer"
        },
        "TACACSPLUS_SECRET":{
            "description":"Shared secret for authenticating to TACACS+ server.",
            "type":"string"
        },
        "TACACSPLUS_SESSION_TIMEOUT":{
            "description":"TACACS+ session timeout value in seconds, 0 disables timeout.",
            "type":"integer"
        },
        "TOWER_URL_BASE":{
            "description":"This setting is used by services like notifications to render a valid url to the service.",
            "type":"string"
        },
        "UI_LIVE_UPDATES_ENABLED":{
            "description":"If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
            "type":"boolean"
        }
    },
    "required":[
        "ACTIVITY_STREAM_ENABLED",
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC",
        "ORG_ADMINS_CAN_SEE_ALL_USERS",
        "MANAGE_ORGANIZATION_AUTH",
        "TOWER_URL_BASE",
        "REMOTE_HOST_HEADERS",
        "PROXY_IP_ALLOWED_LIST",
        "ALLOW_JINJA_IN_EXTRA_VARS",
        "AWX_ISOLATION_BASE_PATH",
        "PROJECT_UPDATE_VVV",
        "STDOUT_MAX_BYTES_DISPLAY",
        "EVENT_STDOUT_MAX_BYTES_DISPLAY",
        "SCHEDULE_MAX_JOBS",
        "AUTOMATION_ANALYTICS_LAST_GATHER",
        "SESSION_COOKIE_AGE",
        "SESSIONS_PER_USER",
        "DISABLE_LOCAL_AUTH",
        "AUTH_BASIC_ENABLED",
        "MAX_UI_JOB_EVENTS",
        "UI_LIVE_UPDATES_ENABLED",
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT",
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY",
        "SOCIAL_AUTH_SAML_ORG_INFO",
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT",
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT"
    ],
    "type":"object"
}

Nested Schema : AD_HOC_COMMANDS

Type: array

List of modules allowed to be used by ad-hoc jobs.

Show Source

Array of: string

{
    "description":"List of modules allowed to be used by ad-hoc jobs.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_1_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_1_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_1_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_1_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_1_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_1_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_1_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_1_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_2_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_2_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_2_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_2_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_2_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_2_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_2_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_2_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_3_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_3_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_3_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_3_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_3_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_3_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_3_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_3_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_4_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_4_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_4_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_4_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_4_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_4_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_4_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_4_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_5_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_5_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_5_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_5_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_5_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_5_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_5_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_5_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_CONNECTION_OPTIONS

Type: object

Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.

Nested Schema : AUTH_LDAP_GROUP_SEARCH

Type: array

Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.

Show Source

Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AUTH_LDAP_GROUP_TYPE_PARAMS

Type: object

Key value parameters to send the chosen group type init method.

Nested Schema : AUTH_LDAP_ORGANIZATION_MAP

Type: object

Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_TEAM_MAP

Type: object

Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.

Nested Schema : AUTH_LDAP_USER_ATTR_MAP

Type: object

Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.

Nested Schema : AUTH_LDAP_USER_FLAGS_BY_GROUP

Type: object

Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.

Nested Schema : AUTH_LDAP_USER_SEARCH

Type: array

LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.

Show Source

Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS

Type: array

List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.

Show Source

Array of: string

{
    "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AWX_ISOLATION_SHOW_PATHS

Type: array

List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.

Show Source

Array of: string

{
    "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : AWX_TASK_ENV

Type: object

Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.

Nested Schema : CUSTOM_VENV_PATHS

Type: array

Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.

Show Source

Array of: string

{
    "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : LOG_AGGREGATOR_LOGGERS

Type: array

List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs.

Show Source

Array of: string

{
    "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : OAUTH2_PROVIDER

Type: object

Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.

Nested Schema : PROXY_IP_ALLOWED_LIST

Type: array

If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')

Show Source

Array of: string

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : REMOTE_HOST_HEADERS

Type: array

HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the Adminstrator guide for more details.

Show Source

Array of: string

{
    "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS

Type: object

Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Type: array

Update this setting to restrict the domains who are allowed to login using Google OAuth2.

Show Source

Array of: string

{
    "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : SOCIAL_AUTH_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_SAML_ENABLED_IDPS

Type: object

Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.

Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA

Type: array

A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.

Show Source

Array of: string

{
    "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Nested Schema : SOCIAL_AUTH_SAML_ORG_INFO

Type: object

Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.

Nested Schema : SOCIAL_AUTH_SAML_ORGANIZATION_ATTR

Type: object

Used to translate user organization membership.

Nested Schema : SOCIAL_AUTH_SAML_ORGANIZATION_MAP

Type: object

Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_SAML_SECURITY_CONFIG

Type: object

A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings

Nested Schema : SOCIAL_AUTH_SAML_SP_EXTRA

Type: object

A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.

Nested Schema : SOCIAL_AUTH_SAML_SUPPORT_CONTACT

Type: object

Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SOCIAL_AUTH_SAML_TEAM_ATTR

Type: object

Used to translate user team membership.

Nested Schema : SOCIAL_AUTH_SAML_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_SAML_TECHNICAL_CONTACT

Type: object

Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.

Nested Schema : SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR

Type: object

Used to map super users and system auditors from SAML.

Nested Schema : SOCIAL_AUTH_TEAM_MAP

Type: object

Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.

Nested Schema : SOCIAL_AUTH_USER_FIELDS

Type: array

When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.

Show Source

Array of: string

{
    "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
    "items":{
        "type":"string"
    },
    "type":"array"
}

Test Logging Configuration

Request

Response

201 Response

403 Response

409 Response