sophos.sophos_firewall.sfos_authentication_azure module – Manage Authentication settings AzureADSSO

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_authentication_azure.

New in sophos.sophos_firewall 1.3.0

Synopsis

  • Manage authentication servers (Configure > Authentication > Servers > Add) on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

  • sophosfirewall-python

  • Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter

Comments

applicationid

string

Application Client ID

clientsecret

string

Client secret

displayname

string

Display name. Use “upn”.

Choices:

  • "upn"

emailaddress

string

E-mail address. Use “email”.

Choices:

  • "email"

fallbackusergroup

string

Fallback user group (auto-completed)

Choices:

  • "open group"

  • "guest group"

redirecturi

string

Redirect URI

rolemapping

string

Identifier type and profile for administrator user type

identifiertype

list / elements=string

identifiervalue

list / elements=string

profileid

list / elements=string

servername

string

Name of Server

tenantid

string

Directory tenant ID

usertype

string

User type selection

Choices:

  • "user"

  • "administrator"

Examples

- name: Update Azure AD SSO
  sophos.sophos_firewall.sfos_authentication_azure:
    servername: SophosFirewallSSO
    applicationid: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
    tenantid: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
    redirecturi: sophosfirewall.net
    displayname: upn
    emailaddress: email
    # Values with documented Choices must match them exactly (lowercase)
    fallbackusergroup: open group
    usertype: administrator
    rolemapping:
    identifiertypeandprofile:
        identifiertype:
            - groups
            - groups
            - groups
        # Azure AD group names
        identifiervalue:
            - AAD-SFNetAdministrators
            - AAD-SFEEReadOnly
            - AAD-SFAudit
        # Firewall administrator profiles
        profileid:
            - Administrator
            - ReadOnly
            - Audit Admin
    state: updated
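
A pre-flight check for this module's task arguments, as an added example (not part of the collection or of the original page): it compares values against the documented Choices, which Ansible matches case-sensitively, flags a clientsecret written as a literal instead of a templated (for example vaulted) variable, and checks that the three role-mapping lists have the same length. The function names and the sample are hypothetical, and treating the three lists as index-aligned is an assumption drawn from the example above.

```python
import re

# Allowed values copied from the Parameters table on this page.
CHOICES = {
    "displayname": {"upn"},
    "emailaddress": {"email"},
    "fallbackusergroup": {"open group", "guest group"},
    "usertype": {"user", "administrator"},
}
ROLE_LISTS = ("identifiertype", "identifiervalue", "profileid")
# Matches a value that is a Jinja2 expression, e.g. "{{ vault_azure_client_secret }}".
TEMPLATED = re.compile(r"^\s*\{\{.+\}\}\s*$")

def find_role_lists(node):
    """Return the first nested dict that holds any of the role-mapping lists."""
    if isinstance(node, dict):
        if any(k in node for k in ROLE_LISTS):
            return node
        for child in node.values():
            found = find_role_lists(child)
            if found:
                return found
    return {}

def lint_azure_sso_args(args):
    """Return a list of findings (strings) for one task's module arguments."""
    findings = []
    for key, allowed in CHOICES.items():
        value = args.get(key)
        if value is not None and value not in allowed:
            findings.append(f"{key}: {value!r} not in {sorted(allowed)}")
    secret = args.get("clientsecret")
    if isinstance(secret, str) and not TEMPLATED.match(secret):
        findings.append("clientsecret: literal secret in playbook")
    role = find_role_lists(args)
    lengths = {k: len(role.get(k) or []) for k in ROLE_LISTS}
    if role and len(set(lengths.values())) > 1:
        findings.append(f"rolemapping: list lengths differ: {lengths}")
    return findings

# Constructed sample arguments (assumption: lists sit directly under rolemapping).
SAMPLE = {
    "clientsecret": "example-not-a-real-secret",
    "fallbackusergroup": "Open Group",
    "usertype": "administrator",
    "rolemapping": {"identifiertype": ["groups", "groups"],
                    "identifiervalue": ["AAD-SFNetAdministrators", "AAD-SFAudit"],
                    "profileid": ["Administrator"]},
}
```

Calling lint_azure_sso_args(SAMPLE) returns three findings: the miscased fallbackusergroup, the literal clientsecret, and the uneven role-mapping lists. The role-mapping lists are located wherever they are nested, so the layout used in the example above is accepted as well.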

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

api_response

dictionary

Serialized object containing the API response.

Returned: always

Authors

  • Matt Mullen (@mamullen13316)

  • Philip Finucane (@philfinucane)