cisco.meraki.organizations_login_security module – Resource module for organizations _loginsecurity
Note
This module is part of the cisco.meraki collection (version 2.18.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.meraki.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.meraki.organizations_login_security.
New in cisco.meraki 2.16.0
Synopsis
Manage operation update of the resource organizations _loginsecurity.
Update the login security settings for an organization.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
meraki >= 2.4.9
python >= 3.5
Parameters
Parameter |
Comments |
|---|---|
Number of consecutive failed login attempts after which users’ accounts will be locked. |
|
Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses. |
|
Details for API-only IP restrictions. |
|
Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges. Choices:
|
|
List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets. |
|
Boolean indicating whether users’ Dashboard accounts will be locked out after a specified number of consecutive failed login attempts. Choices:
|
|
Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords. Choices:
|
|
Boolean indicating whether users will be logged out after being idle for the specified number of minutes. Choices:
|
|
Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses. Choices:
|
|
Boolean indicating whether users are forced to change their password every X number of days. Choices:
|
|
Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following number, uppercase letter, lowercase letter, and symbol. Choices:
|
|
Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application. Choices:
|
|
Number of minutes users can remain idle before being logged out of their accounts. |
|
List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets. |
|
meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time Default: |
|
meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY |
|
meraki_base_url (string), preceding all endpoint resources Default: |
|
meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID Default: |
|
meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER Default: |
|
meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy Default: |
|
meraki_inherit_logging_config (boolean), Inherits your own logger instance Choices:
|
|
meraki_log_file_prefix (string), log file name appended with date and timestamp Default: |
|
log_path (string), path to output log; by default, working directory of script if not specified Default: |
|
meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors Default: |
|
meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time Default: |
|
meraki_output_log (boolean), create an output log file? Choices:
|
|
meraki_print_console (boolean), print logging output to console? Choices:
|
|
meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS Default: |
|
meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)? Choices:
|
|
meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time Default: |
|
meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? Choices:
|
|
meraki_single_request_timeout (integer), maximum number of seconds for each API call Default: |
|
meraki_suppress_logging (boolean), disable all logging? you’re on your own then! Choices:
|
|
meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items Choices:
|
|
meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered? Choices:
|
|
Number of recent passwords that new password must be distinct from. |
|
OrganizationId path parameter. Organization ID. |
|
Number of days after which users will be forced to change their password. |
Notes
Note
SDK Method used are organizations.Organizations.update_organization_login_security,
Paths used are put /organizations/{organizationId}/loginSecurity,
Does not support
check_modeThe plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK
The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection
See Also
See also
- Cisco Meraki documentation for organizations updateOrganizationLoginSecurity
Complete reference of the updateOrganizationLoginSecurity API.
Examples
- name: Update all
cisco.meraki.organizations_login_security:
meraki_api_key: "{{meraki_api_key}}"
meraki_base_url: "{{meraki_base_url}}"
meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
meraki_certificate_path: "{{meraki_certificate_path}}"
meraki_requests_proxy: "{{meraki_requests_proxy}}"
meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
meraki_maximum_retries: "{{meraki_maximum_retries}}"
meraki_output_log: "{{meraki_output_log}}"
meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
meraki_log_path: "{{meraki_log_path}}"
meraki_print_console: "{{meraki_print_console}}"
meraki_suppress_logging: "{{meraki_suppress_logging}}"
meraki_simulate: "{{meraki_simulate}}"
meraki_be_geo_id: "{{meraki_be_geo_id}}"
meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
state: present
accountLockoutAttempts: 3
apiAuthentication:
ipRestrictionsForKeys:
enabled: true
ranges:
- 192.195.83.1
- 192.168.33.33
enforceAccountLockout: true
enforceDifferentPasswords: true
enforceIdleTimeout: true
enforceLoginIpRanges: true
enforcePasswordExpiration: true
enforceStrongPasswords: true
enforceTwoFactorAuth: true
idleTimeoutMinutes: 30
loginIpRanges:
- 192.195.83.1
- 192.195.83.255
numDifferentPasswords: 3
organizationId: string
passwordExpirationDays: 90
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
A dictionary or list with the response returned by the Cisco Meraki Python SDK Returned: always Sample: |