These parameters are shared by various sources: Google Workspace, Azure AD, Okta Directory, MSAD/LDAP, etc. Source-specific parameters are listed in each source article.
The following override mechanisms will be processed in order, the last override representing the final value:
- Default value
- config.json file on the CWD of the service process
- Docker-provisioned secret (/run/secrets/<key>)
- AWS SSM (all keys prefixed with the value from the ‘prefix’ key; disable check with env variable DISABLE_AWS_SSM=1 )
- AWS SecretsManager (all keys prefixed with the value from the ‘prefix’ key; disable check with env variable DISABLE_AWS_SEC_MANAGER=1 )
- Environment variable, prefixed with FYDE_, all caps and replacing dashes ( - ) with underscores ( _ ).
- Command-line arguments in long-form notation like ‘--example’, all keys underscores converted to dashes.
The following is a complete list of all configuration parameters used by this program.
| Key | Default | Type | Description |
|---|---|---|---|
api_ca_validation | True | bool | Validate the TLS certificates of the API server |
api_timeout | 60 | int | Timeout to fail a connection to the API server |
dry-run | False | bool | This flag will run all the synchronization and delta calculation steps, but it will not send the changes over to the Enterprise Console. |
enrollment_token | None | string | Enrollment token provided by the CloudGen Access Console |
force-full-sync | False | bool | Force a full sync of the directory source. |
groups-excluded | string | Group import filtering (regex). Note that all groups are still imported. This will filter the users that are imported. | |
groups-included | string | Group import filtering (regex). Note that all groups are still imported. This will filter the users that are imported. | |
http-proxy | string | Use HTTP proxy. Example: http://proxy.host:1234/ or socks5://10.0.0.1:5555 | |
https-proxy | string | Use HTTPS proxy. Example: https://proxy.host:1234/ or socks5://10.0.0.1:5555 | |
live_test_timeout | 30 | int | Liveness of the redis data for active jobs in server_mode. If data about a pending job is not refreshed by the end of this timeout, the system considers the connector instance handling the job has died and cleans up the associated data. |
logfile | string | Log file to send all output. It is also sent to stderr by default. | |
loglevel | info | string | Log level to use. Valid values error/warning/info/debug |
only-matched-groups | True | bool | Decides if it should push only groups that match the group filters, or all of them. |
prefix | fyde_ | string | Define the prefix used for keys stored in AWS SSM and AWS SecretsManager |
prometheus | False | bool | Prometheus metrics for the connector |
prometheus_port | 9000 | int | Prometheus port |
run_once | False | bool | Run only one sync cycle and exit |
server_host | 127.0.0.1 | string | IP address to listen to for requests when running in server_mode |
server_mode | False | bool | Run connector in microservice mode |
server_port | 8000 | int | Port to listen in server_mode |
sync_cycle | 900 | int | Time to wait between sync cycles |
sync_error_backoff | 30 | int | Time to wait before retrying a failed sync attempt |
sync_job_completion | 30 | int | Time to wait between polls to confirm a sync job has been processed |
users-excluded | string | User import filtering (regex). Note that all groups are still imported. This will filter the users that are imported. | |
users-included | string | User import filtering (regex). Note that all groups are still imported. This will filter the users that are imported. |