Auth0 · Schema

ConnectionOptionsAD

Options for the 'ad' connection

AI AgentsAuthenticationAuthorizationFGAIdentity ManagementMCPOAuthOktaOpenID ConnectSAMLSecuritySCIM
View JSON Schema on GitHub

JSON Schema

auth0-connectionoptionsad-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/ConnectionOptionsAD",
  "title": "ConnectionOptionsAD",
  "description": "Options for the 'ad' connection",
  "type": "object",
  "allOf": [
    {
      "$ref": "#/components/schemas/ConnectionOptionsCommon"
    },
    {
      "type": "object",
      "properties": {
        "agentIP": {
          "$ref": "#/components/schemas/ConnectionAgentIPAD"
        },
        "agentMode": {
          "$ref": "#/components/schemas/ConnectionAgentModeAD"
        },
        "agentVersion": {
          "$ref": "#/components/schemas/ConnectionAgentVersionAD"
        },
        "brute_force_protection": {
          "$ref": "#/components/schemas/ConnectionBruteForceProtection"
        },
        "certAuth": {
          "type": "boolean",
          "description": "Enables client SSL certificate authentication for the AD connector, requiring HTTPS on the sign-in endpoint"
        },
        "certs": {
          "$ref": "#/components/schemas/ConnectionCertsAD"
        },
        "disable_cache": {
          "type": "boolean",
          "description": "When enabled, disables caching of AD connector authentication results to ensure real-time validation against the directory"
        },
        "disable_self_service_change_password": {
          "type": "boolean",
          "description": "When enabled, hides the 'Forgot Password' link on login pages to prevent users from initiating self-service password resets"
        },
        "domain_aliases": {
          "$ref": "#/components/schemas/ConnectionDomainAliasesAD"
        },
        "icon_url": {
          "$ref": "#/components/schemas/ConnectionIconUrl"
        },
        "ips": {
          "$ref": "#/components/schemas/ConnectionIpsAD"
        },
        "kerberos": {
          "type": "boolean",
          "description": "Enables Windows Integrated Authentication (Kerberos) for seamless SSO when users authenticate from within the corporate network IP ranges",
          "default": false
        },
        "set_user_root_attributes": {
          "$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
        },
        "signInEndpoint": {
          "$ref": "#/components/schemas/ConnectionSignInEndpointAD"
        },
        "tenant_domain": {
          "$ref": "#/components/schemas/ConnectionTenantDomainAD"
        },
        "thumbprints": {
          "$ref": "#/components/schemas/ConnectionThumbprintsAD"
        },
        "upstream_params": {
          "$ref": "#/components/schemas/ConnectionUpstreamParams"
        }
      }
    }
  ],
  "additionalProperties": true
}