Disable Password Authentication

Sysdig Platform supports disabling password-based authentication on both SaaS and on-prem deployments. As an administrator (super administrator for on-prem), you can use an API to achieve it. This configuration is applicable to those who use single sign-on.

SaaS Deployments

As an administrator, perform the following:

  1. Get the Sysdig Platform settings:

    GET https://app.sysdigcloud.com/api/auth/settings/
  2. Find the ID of the active SSO setup:

    GET https://app.sysdigcloud.com/api/auth/settings/active
  3. Retrieve the specific settings associated with the SSO setup:

    GET https://app.sysdigcloud.com/api/auth/settings/{id}

    The setting is displayed in a JSON file.

  4. In the JSON file, change the following from false to true:

    settings/forbidPasswordLogin: True 
  5. Update the setting with a request to the same URL with the same JSON, with the changed parameter. URL depends on the type of deployment.

    PUT https://app.sysdigcloud.com/api/auth/settings/{id}

On-Prem Deployments

As a super administrator, perform the following:

  1. Get the Sysdig Platform settings:

    GET https://<URL-installation>/api/admin/auth/settings

    Replace <URL-installation> with the URL of your on-prem deployment.

  2. Retrieve the specific settings associated with the SSO setup. In a typical scenario, only one IDP exists per deployment.

    GET https://<URL-installation>/api/auth/settings/{id}

    The setting is displayed in a JSON file.

  3. In the JSON file, change the following from false to true:

    settings/forbidPasswordLogin: True
  4. Update the setting with a request to the same URL with the same JSON, with the changed parameter. URL depends on the type of deployment.

    PUT https://app.sysdigcloud.com/api/admin/auth/settings/{id}
    

Migrating from the ConfigMap Method

Previously, the sysdigcloud.restrict.password.login parameter in the Kubernetes ConfigMap has been used to disable password authentication. After installing 3.2.0, deployments utilizing the sysdigcloud.restrict.password.login settings will be automatically migrated to use the new settings.