Disable Password Authentication (SaaS)

Sysdig Platform supports disabling password-based authentication on both SaaS and on-prem deployments. As an administrator (super administrator for on-prem), you can use either the Authentication option in the UI or the API to achieve it. This configuration is applicable to those who use single sign-on (SSO).

For On-Prem environments, see Disable Password Authentication.

Using the UI

You can use the UI to disable password authentication only for SAML and OpenID authentication methods. For Google Oauth, use the API method as given below.

To disable password authentication through the UI:

  1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings. Settings can be found in the user menu at the bottom left of the screen.
  2. Click Authentication(SSO).
  3. Choose your authentication method. Disabling password authentication through the UI is not supported for Google Oauth.
  4. Use the Disable username and password login slider to turn off password authentication.
  5. Click Save Settings.

Using the API

To disable password authentication through the Sysdig API, follow these steps:

  1. Get the Sysdig Platform settings:

    See SaaS Regions and IP Ranges and identify the correct domain URL associated with your Sysdig application and region. For example, for Sysdig Monitor on US East is:

    GET https://app.sysdigcloud.com/api/auth/settings/

    For other regions, the format is https://<region>.app.sysdig.com/api/auth/settings. Replace <region> with the region where your Sysidig application is hosted. For example, for Sysdig Monitor in the EU, use https://eu1.app.sysdig.com/api/auth/settings.

  2. Find the ID of the active SSO setup:

    GET https://app.sysdigcloud.com/api/auth/settings/active
  3. Retrieve the specific settings associated with the SSO setup:

    GET https://app.sysdigcloud.com/api/auth/settings/{id}

    The setting is displayed in a JSON file.

  4. In the JSON file, change the following from false to true:

    settings/forbidPasswordLogin: True
  5. Update the setting with a request to the same URL with the same JSON, with the changed parameter. The URL depends on the type of deployment.

    PUT https://app.sysdigcloud.com/api/auth/settings/{id}