--- title: Integrate with Zabbix sidebar_label: Zabbix support_level: community --- ## What is Zabbix > Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. > > Zabbix is Open Source and comes at no cost. > > -- https://www.zabbix.com/features ## Preparation The following placeholders are used in this guide: - `zabbix.company` is the FQDN of the Zabbix installation. - `authentik.company` is the FQDN of the authentik installation. :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: ## authentik configuration To support the integration of Zabbix with authentik, you need to create an application/provider pair in authentik. ### Create an application and provider in authentik 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://zabbix.company/zabbix/index_sso.php?acs`. - Set the **Issuer** to `zabbix`. - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. ## Zabbix configuration Navigate to `https://zabbix.company/zabbix/zabbix.php?action=authentication.edit` and select SAML settings to configure SAML. Check the box to enable SAML authentication. Set the Field `IdP entity ID` to `zabbix`. Set the Field `SSO service URL` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`. Set the Field `Username attribute` to `http://schemas.goauthentik.io/2021/02/saml/username` Set the Field `SP entity ID` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/` Set the Field `SP name ID format` to `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` Check the box for `Case sensitive login`. For the `SAML Service Provider Certificate` and `SAML Service Provider Private Key`, you can either use custom certificates, or use the self-signed pair generated by authentik. Copy the cert and key to `/usr/share/zabbix/conf/certs/`, the system looks for `sp.key` and `sp.crt` by default. The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php) ``` $SSO['SP_KEY'] = ''; $SSO['SP_CERT'] = ''; ``` For additional security you can enable the Verification Certificate by checking the `Sign -> AuthN requests` in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file. ``` $SSO['IDP_CERT'] = ''; ```