getOrgSettings
GET https://{{host}}/api/v1/orgs/:org_id/setting
Response Parameters
Name | Type | Description |
---|---|---|
name | string | org name |
password_policy | object | password policy |
enabled | boolean | whether the policy is enabled, default is false |
freshness | int | days, required if password policy is enabled |
min_length | int | required password length, default is 8 |
requires_special_char | boolean | whether to require special character, default is false |
requires_two_factor_auth | boolean | whether to require two-factor auth, default is false |
ui_idle_timeout | int | automatically logout the user when UI session is inactive, 0-480 in minutes, default is 0 (disabled) |
mgmt | object | management-related properties |
use_wxtunnel | boolean | whether to use wxtunnel for mgmt connectivity, default is false |
use_mxtunnel | boolean | whether to use Mist Tunnel for mgmt connectivity, default is false, this takes precedence over use_wxtunnel |
mxtunnel_ids | list | list of Mist Tunnels |
disable_pcap | boolean | whether to disallow Mist to analyze pcap files (this is required for marvis pcap), default is false |
max_pkt_len | int | max_len of non-management packets to capture, default is 128, maximum is 128 |
disable_local_ssh | boolean | whether to disable local SSH (by default, local SSH is enabled with allow_mist in Org is enabled) |
limit_ssh_access | boolean | whether to allow certain SSH keys to SSH into the AP (see Site:Setting), default is false |
fips_zeroize_password | string | password required to zeroize devices (FIPS) on site level |
cacerts | list | list of PEM-encoded ca certs |
device_cert | object | common device cert, optional |
tags | list | list of tags |
remote_syslog | object | syslog parameters |
device_updown_threshold | int | enable threshold-based device down delivery via 1) device-updowns webhooks topic, 2) Mist Alert Framework; e.g. send AP/SW/GW down event only if AP/SW/GW Up is not seen within the threshold in minutes; 0 - 30, default is 0 (trigger immediate) |
simple_alert | object | threshold setting for dhcp, dns, arp failure alerts. Alert generates if there are x (int) failures or y (int) clients failing within z (int) minutes per server, where 5<=z<=60. Defaults: dhcp_failure : {client_count : 10, incident_count : 20, duration : 10}, dns_failure : {client_count : 20 , incident_count : 30 , duration : 10}, arp_failure : {client_count : 10 , incident_count : 10 , duration : 20} |
Automatic Site Assignment
Auto Site Assignment can be enabled to automatically assign APs to sites. Once enabled, when an AP in the Org inventory is seen online (e.g. freshly installed), we will try to use the criteria defined to identify the Site Name. Only when a non-empty Site Name is identified and the Site exists, the AP will be assigned to the site.
Automatic Device Naming
Automatic Device Naming works along with Automatic Site Assignment. When an AP that’s already assigned to a site has no name, we will try to use the criteria defined to name the device. Only when a non-empty Name is identified and no AP with the same name exists in the same Site will the AP be assigned the name.
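The sample response on this page annotates rule expressions with three forms (`[0:3]`, `split(.)[1]`, `split(-)[1][0:3]`). The following is an added example, not Mist code, that evaluates those forms and applies the documented gate that a site is assigned only when the resulting name is non-empty and the site exists. The grammar, the function names `apply_expression` and `resolve_site`, and the choice to treat an empty extraction as "no match" are assumptions inferred from those comments.

```python
import re

# Assumed grammar, inferred from the commented forms in the sample response:
# an optional split(<sep>)[<idx>] followed by an optional [<start>:<end>] slice.
_EXPR = re.compile(
    r"^(?:split\((?P<sep>.)\)\[(?P<idx>\d+)\])?"
    r"(?:\[(?P<start>\d*):(?P<end>\d*)\])?$"
)

def apply_expression(value, expression):
    """Return the extracted substring, or "" when the expression cannot be applied."""
    m = _EXPR.match(expression)
    if m is None:
        return ""  # unknown syntax (for example the "..." placeholder)
    if m.group("sep") is not None:
        parts = value.split(m.group("sep"))
        idx = int(m.group("idx"))
        if idx >= len(parts):
            return ""  # the device value has fewer fields than the rule expects
        value = parts[idx]
    if m.group("start") is not None:
        start = int(m.group("start") or 0)
        end = int(m.group("end")) if m.group("end") else len(value)
        value = value[start:end]
    return value

def resolve_site(rule, device, existing_sites):
    """Return the site name to assign, or None when the documented gate fails."""
    extracted = apply_expression(device.get(rule["src"], ""), rule["expression"])
    if not extracted:
        return None  # assumption: an empty extraction never yields a site name
    name = rule.get("prefix", "") + extracted + rule.get("suffix", "")
    # The page states assignment happens only if the site already exists.
    return name if name in existing_sites else None
```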
RESPONSES
status: OK
"{\n \"password_policy\": {\n \"enabled\": true,\n \"freshness\": 60,\n \"min_length\": 8,\n \"requires_special_char\": false,\n \"requires_two_factor_auth\": true\n },\n \"ui_idle_timeout\": 10,\n\n \"mgmt\": {\n \"use_wxtunnel\": false,\n \"use_mxtunnel\": true,\n \"mxtunnel_ids\": [\"08cd7499-5841-51c8-e663-fb16b6f3b45e\"]\n },\n\n \"disable_pcap\": false,\n \"pcap\": {\n \"bucket\": \"myorg-pcap\",\n \"max_pkt_len\": 128\n },\n \"pcap_bucket_verified\": true,\n\n \"security\": {\n \"disable_local_ssh\": false,\n \"limit_ssh_access\": false,\n \"fips_zeroize_password\": \"NUKETHESITE\"\n },\n\n \"installer\": {\n \"grace_period\": 14, \n \"extra_site_ids\": [\n \"4ac1dcf4-9d8b-7211-65c4-057819f0862b\",\n \"52f4347e-3e4b-186c-21ca-ad5b70eb23d6\"\n ],\n \"allow_all_sites\": false,\n \"allow_all_devices\": false\n },\n\n \"remote_syslog\": {\n \"enabled\": true,\n \"send_to_all_servers\": true,\n \"servers\": [\n {\n \"host\": \"syslogd.internal\",\n \"port\": 514,\n \"protocol\": \"udp\",\n \"facility\": \"config\",\n \"severity\": \"info\",\n \"tag\": \"\"\n }\n ]\n },\n\n \"auto_site_assignment\": {\n \"enable\": true,\n\n \"rules\": [\n // use device name (via Installer APIs)\n {\n \"src\": \"name\",\n \"expression\": \"[0:3]\", // \"abcdef\" -\u003e \"abc\"\n // \"split(.)[1]\", // \"a.b.c\" -\u003e \"b\"\n // \"split(-)[1][0:3], // \"a1234-b5678-c90\" -\u003e \"b56\" \n \"prefix\": \"XX-\",\n \"suffix\": \"-YY\"\n }, \n // use subnet\n {\n \"src\": \"subnet\",\n \"subnet\": \"10.1.2.0/18\",\n \"value\": \"s1351\"\n },\n // use LLDP System Name\n {\n \"src\": \"lldp_system_name\",\n \"expression\": \"...\" // same as above\n },\n // use DNS Suffix\n {\n \"src\": \"dns_suffix\",\n \"expression\": \"...\" // same as above\n },\n {\n \"src\": \"model\",\n \"model\": \"AP41\",\n \"value\": \"s1351\"\n },\n {\n // optional filters\n \"match_device_type\": \"ap\", // ap / switch / gateway / other, default is `ap`\n \"match_model\": \"AP41\",\n \"...\":\"...\"\n }\n 
]\n },\n\n \"auto_device_naming\": {\n \"enable\": true,\n\n \"rules\": [\n {\n // use LLDP Port Description\n \"src\": \"lldp_port_desc\",\n \"prefix\": \"MIST-\",\n \"suffix\": \"\",\n \"expression\": \"...\" // same as above\n },\n {\n // use mac directly\n \"src\": \"mac\",\n \"prefix\": \"MIST-\",\n \"suffix\": \"\"\n }\n ]\n },\n\n \"cloudshark\": {\n \"apitoken\": \"accbd6f10c6d05c3\",\n\n // if using CS Enteprise\n \"url\": \"https://cloudshark.hosted.domain\"\n },\n\n \"auto_deviceprofile_assignment\": {\n \"enable\": true,\n\n \"rules\": [\n // same rules definition that can be used for auto_site_assignment\n ]\n },\n\n\n \"cacerts\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nBhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn-----END CERTIFICATE-----\"\n ],\n \"device_cert\": {\n \"cert\": \"-----BEGIN CERTIFICATE-----\\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\\n-----END CERTIFICATE-----\",\n \"key\": \"-----BEGIN PRI...\"\n },\n \"tags\": [ \"beta\" ],\n \"device_updown_threshold\": 0,\n\n \"mxedge_mgmt\": {\n \"mist_password\": \"MIST_PASSWORD\",\n \"root_password\": \"ROOT_PASSWORD\",\n \"oob_autoconf6\": false, // unset defaults to true\n \"oob_dhcp6\": false, // unset defaults to true\n },\n \"mxedge_fips_enabled\": true, // default is false\n\n\n \"blacklist_url\": \"https://papi.s3.amazonaws.com/blacklist/xxx...\",\n\n \"mist_nac\": {\n // use this IDP when no explicit realm present in the incoming\n // username/CN OR when no IDP is explicitly mapped to the incoming realm.\n \"default_idp_id\": \"4c441a74-d0de-32c4-78a7-a05e00d080ae\",\n\n \"idps\": [\n {\n \"id\": \"4c441a74-d0de-32c4-78a7-a05e00d080ae\",\n\n // which realm should trigger this IDP\n \"user_realms\": [ \"abc\" ]\n\n // we extract user realm from\n // 1. Username-AVP (`mist.com` from john@mist.com)\n // 2. 
Cert CN \n }\n ],\n // the CA certs we use to verify client certs\n \"cacerts\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\\n-----END CERTIFICATE-----\"\n \n ],\n // radius server cert to be presented in EAP TLS\n \"server_cert\": {\n \"cert\": \"-----BEGIN CERTIFICATE-----\\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\\n-----END CERTIFICATE-----\",\n \"key\": \"-----BEGIN PRI...\"\n }\n },\n \"gateway_mgmt\": {\n \"app_usage\": true,\n \"app_probing\": {\n \"apps\": [\n \"facebook\" // app-keys from /const/applications\n ]\n }\n },\n\n \"juniper\": {\n \"linked\": true,\n \"customer_name\": \"Corp NMO\"\n },\n\n // a set of heuristic rules will be enabled when marvis subscription is not available\n // it triggers when, in a Z minute window (5\u003c=Z\u003c=60), there are more than Y distinct client encountring over\n // X failures\n \"simple_alert\": {\n \"dhcp_failure\": {\n \"client_count\": 10, // number of distinct clients having this failure, default is 10\n \"incident_count\": 20, // number of failures we've seen, default is 10\n \"duration\": 10 // failing within minutes, default is 10\n },\n \"dns_failure\": {\n \"client_count\": 20,\n \"incident_count\": 30,\n \"duration\": 10\n },\n \"arp_failure\": {\n \"client_count\": 10,\n \"incident_count\": 10,\n \"duration\": 20\n }\n }\n}"
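The example response carries secret values next to the security settings, so a client that stores or logs it should mask them first. The following is an added example, not Mist code, that redacts the secret-bearing fields seen in the response above and lists weak settings. The names `redact`, `audit`, `SECRET_PATHS` and the `min_length_floor` baseline of 12 are assumptions, and `disable_local_ssh` and `limit_ssh_access` are read from the `security` object as they appear in the response body.

```python
import copy
# Secret-bearing paths, taken from the example response body on this page.
SECRET_PATHS = [
    ("security", "fips_zeroize_password"), ("cloudshark", "apitoken"),
    ("mxedge_mgmt", "mist_password"), ("mxedge_mgmt", "root_password"),
    ("device_cert", "key"), ("mist_nac", "server_cert", "key"),
]
# Constructed sample: a subset of the example response, not live data.
SAMPLE = {
    "password_policy": {"enabled": True, "min_length": 8, "requires_two_factor_auth": True},
    "ui_idle_timeout": 10,
    "security": {"disable_local_ssh": False, "limit_ssh_access": False, "fips_zeroize_password": "NUKETHESITE"},
    "remote_syslog": {"enabled": True, "servers": [
        {"host": "syslogd.internal", "port": 514, "protocol": "udp"}]},
}

def redact(settings):
    """Return a deep copy that is safe to log, with secret values masked."""
    out = copy.deepcopy(settings)
    for *parents, leaf in SECRET_PATHS:
        node = out
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and leaf in node:
            node[leaf] = "<redacted>"
    return out

def audit(settings, min_length_floor=12):
    """List weak settings; min_length_floor is an assumed local baseline."""
    findings = []
    pw = settings.get("password_policy", {})
    if not pw.get("enabled", False):
        findings.append("password_policy.enabled is false")
    elif pw.get("min_length", 8) < min_length_floor:
        findings.append("password_policy.min_length is below the baseline")
    if not pw.get("requires_two_factor_auth", False):
        findings.append("requires_two_factor_auth is false")
    if settings.get("ui_idle_timeout", 0) == 0:
        findings.append("ui_idle_timeout is 0 (idle logout disabled)")
    sec = settings.get("security", {})
    if not sec.get("disable_local_ssh", False) and not sec.get("limit_ssh_access", False):
        findings.append("local SSH is enabled and limit_ssh_access is false")
    syslog = settings.get("remote_syslog", {})
    if not syslog.get("enabled", False):
        findings.append("remote_syslog is disabled")
    for srv in syslog.get("servers", []):
        if srv.get("protocol") == "udp":
            findings.append("syslog server %s uses udp" % srv.get("host"))
    return findings
```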