authentik/website/integrations/services/zabbix/index.md

---
title: Zabbix
---

<span class="badge badge--secondary">Support level: Community</span>

## What is Zabbix

> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
>
> Zabbix is Open Source and comes at no cost.
>
> -- https://www.zabbix.com/features

## Preparation

The following placeholders will be used:

-   `zabbix.company` is the FQDN of the Zabbix install.
-   `authentik.company` is the FQDN of the authentik install.

Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:

-   ACS URL: `https://zabbix.company/zabbix/index_sso.php?acs`
-   Issuer: `zabbix`
-   Service Provider Binding: Post

You can of course use a custom signing certificate, and adjust durations.

## Zabbix Configuration

Navigate to `https://zabbix.company/zabbix/zabbix.php?action=authentication.edit` and select SAML settings to configure SAML.

Check the box to enable SAML authentication.

Set the Field `IdP entity ID` to `zabbix`.

Set the Field `SSO service URL` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`.

Set the Field `Username attribute` to `http://schemas.goauthentik.io/2021/02/saml/username`

Set the Field `SP entity ID` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`

Set the Field `SP name ID format` to `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`

Check the box for `Case sensitive login`.

For the `SAML Service Provider Certificate` and `SAML Service Provider Private Key`, you can either use custom certificates, or use the self-signed pair generated by authentik.

Copy the cert and key to `/usr/share/zabbix/conf/certs/`, the system looks for `sp.key` and `sp.crt` by default.

The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php)

```
$SSO['SP_KEY'] = '<path to the SP private key file>';
$SSO['SP_CERT'] = '<path to the SP cert file>';
```

For additional security you can enable the Verification Certificate by checking the `Sign -> AuthN requests` in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file.

```
$SSO['IDP_CERT'] = '<path to the IDP cert file>';
```
Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00			`---`
			`title: Zabbix`
			`---`

website/docs: support levels (#3103) * website/docs: add badges for integration level Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add badge for sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-06-15 19:31:34 +00:00			`<span class="badge badge--secondary">Support level: Community</span>`

Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00			`## What is Zabbix`

website/integrations: cite better (#6431) * update awx-tower to RHAAP Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new quotation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update all Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-07-31 10:16:58 +00:00			`> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.`
			`>`
			`> Zabbix is Open Source and comes at no cost.`
			`>`
			`> -- https://www.zabbix.com/features`
Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00
			`## Preparation`

			`The following placeholders will be used:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- `zabbix.company` is the FQDN of the Zabbix install.
			- `authentik.company` is the FQDN of the authentik install.
Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00
			`Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- ACS URL: `https://zabbix.company/zabbix/index_sso.php?acs`
			- Issuer: `zabbix`
			`- Service Provider Binding: Post`
Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00
			`You can of course use a custom signing certificate, and adjust durations.`

			`## Zabbix Configuration`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			Navigate to `https://zabbix.company/zabbix/zabbix.php?action=authentication.edit` and select SAML settings to configure SAML.
Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00
			`Check the box to enable SAML authentication.`

			Set the Field `IdP entity ID` to `zabbix`.

website/docs: Added missing SSO server URL field for Zabbix (#1780) 2021-11-11 20:06:33 +00:00			Set the Field `SSO service URL` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`.

Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00			Set the Field `Username attribute` to `http://schemas.goauthentik.io/2021/02/saml/username`

			Set the Field `SP entity ID` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`

website/docs: Added setting for SP name ID format (#1072) 2021-06-23 16:02:49 +00:00			Set the Field `SP name ID format` to `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`

Zabbix Integration Instructions (#960) 2021-06-02 21:16:52 +00:00			Check the box for `Case sensitive login`.

			For the `SAML Service Provider Certificate` and `SAML Service Provider Private Key`, you can either use custom certificates, or use the self-signed pair generated by authentik.

			Copy the cert and key to `/usr/share/zabbix/conf/certs/`, the system looks for `sp.key` and `sp.crt` by default.

			`The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php)`

			```
			`$SSO['SP_KEY'] = '<path to the SP private key file>';`
			`$SSO['SP_CERT'] = '<path to the SP cert file>';`
			```

			For additional security you can enable the Verification Certificate by checking the `Sign -> AuthN requests` in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file.

			```
			`$SSO['IDP_CERT'] = '<path to the IDP cert file>';`
			```