authentication_settings

The following methods allow for interaction with the ZIA Authentication Settings API endpoints.

Methods are accessible via zia.authentication_settings

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class AuthenticationSettingsAPI

Bases: APIClient

A Client object for the Authentication Settings resource.

add_urls_to_exempt_list(url_list)

Adds the provided URLs to the exempt list.

Parameters:

url_list (list of str) – The list of URLs to be added.

Returns:

A tuple containing (updated AuthenticationSettings instance, Response, error)

Return type:

tuple

Examples

>>> exempted_urls, response, error = zia.authentication_settings.add_urls_to_exempt_list(["example.com"])
delete_urls_from_exempt_list(url_list)

Deletes the provided URLs from the exemption list.

Parameters:

url_list (list of str) – The list of URLs to be removed.

Returns:

A tuple containing (updated AuthenticationSettings instance, Response, error)

Return type:

tuple

Examples

>>> exempted_urls, response, error = zia.authentication_settings.delete_urls_from_exempt_list(["example.com"])
get_authentication_settings()

Retrieves the organization’s default authentication settings.

Returns:

A tuple containing:

  • AuthenticationSettings: The current authentication settings object.

  • Response: The raw HTTP response returned by the API.

  • error: An error message if the request failed; otherwise, None.

Return type:

tuple

Examples

Retrieve and print the current authentication settings:

>>> settings, response, err = client.zia.authentication_settings.get_authentication_settings()
>>> if err:
...     print(f"Error fetching settings: {err}")
... else:
...     print(f"Saml Enabled: {settings.saml_enabled}")
get_authentication_settings_lite()

Retrieves the organization’s default authentication settings information.

Returns:

A tuple containing:

  • AuthenticationSettings: The current authentication settings object.

  • Response: The raw HTTP response returned by the API.

  • error: An error message if the request failed; otherwise, None.

Return type:

tuple

Examples

Retrieve and print the current authentication settings:

>>> settings, response, err = client.zia.authentication_settings.get_authentication_settings()
>>> if err:
...     print(f"Error fetching settings: {err}")
... else:
...     print(f"Saml Enabled: {settings.saml_enabled}")
get_exempted_urls()

Gets a list of URLs that were exempted from cookie authentication.

Returns:

A tuple containing:

  • list[str]: List of domains or URLs which are exempted from SSL Inspection

  • Response: The raw HTTP response from the API.

  • error: Error details if the request fails.

Return type:

tuple

update_authentication_settings(**kwargs)

Updates the organization’s default authentication settings information.

Parameters:

  • settings (AuthenticationSettings) – An instance of AuthenticationSettings

  • configuration. (containing the updated)

Supported attributes:

  • org_auth_type (str): User authentication type. Setting this to an LDAP-based authentication requires a complete LdapProperties configuration.

  • one_time_auth (str): When the org_auth_type is NONE, administrators must manually provide the password to new end users.

  • saml_enabled (bool): Whether or not to authenticate users using SAML Single Sign-On.

  • kerberos_enabled (bool): Whether or not to authenticate users using Kerberos.

  • kerberos_pwd (str): Read-only. Can only be set through the generate KerberosPassword API.

  • auth_frequency (str): How frequently users are required to authenticate (e.g., cookie expiration duration).

  • auth_custom_frequency (int): Custom frequency in days for authentication. Valid range: 1-180.

  • password_strength (str): Password strength for form-based authentication. Supported values: NONE, MEDIUM, STRONG.

  • password_expiry (str): Password expiration for hosted DB users. Supported values: NEVER, ONE_MONTH, THREE_MONTHS, SIX_MONTHS.

  • last_sync_start_time (int): Epoch timestamp representing start of last LDAP sync.

  • last_sync_end_time (int): Epoch timestamp representing end of last LDAP sync.

  • mobile_admin_saml_idp_enabled (bool): Indicates use of Mobile Admin as an IdP.

  • auto_provision (bool): Enables SAML Auto-Provisioning.

  • directory_sync_migrate_to_scim_enabled (bool): Enables migration to SCIM by disabling legacy sync.

Returns:

A tuple containing:

  • AuthenticationSettings: The updated authentication settings object.

  • Response: The raw HTTP response returned by the API.

  • error: An error message if the update failed; otherwise, None.

Return type:

tuple

Examples

Update authentication settings:

>>> settings, _, error = client.zia.authentication_settings.update_authentication_settings(
...     org_auth_type='ANY',
...     auth_frequency='DAILY_COOKIE',
... )
>>> if error:
...     print(f"Error updating authentication settings: {error}")
... else:
...     print(f"Settings updated: {settings.as_dict()}")