Advanced System Configuration

KaliaOps supports SSO (Single Sign-On) authentication for centralized identity management.

Supported providers

Configuration

1. Menu Settings → Security → SSO
2. Select the provider
3. Enter identity provider information
4. Configure provisioning options
5. Test the connection
6. Enable SSO

Azure AD parameters

• Client ID: Azure application ID
• Client Secret: Application secret
• Tenant ID: Azure tenant ID
• Allowed group: Restrict to a security group (optional)

Provisioning options

• Auto-create: Create users on first SSO login
• Default role: Role assigned to new users
• Employee link: Auto-associate to employees by email

Two-factor authentication (2FA) strengthens account security.

How it works

After entering password, user must provide a code generated by an authenticator app (Google Authenticator, Authy, etc.).

Mandatory 2FA for admins

Accounts with Admin role must enable 2FA:

• On first login after role assignment
• Access is blocked until 2FA is configured

Enabling 2FA

1. Menu My Account → Security
2. Click "Enable 2FA"
3. Scan QR code with your app
4. Enter verification code
5. Save backup codes

Backup codes

KaliaOps generates 10 single-use backup codes:

• Use if you don't have access to your phone
• Each code can only be used once
• Regenerate codes if exhausted

Disabling 2FA

An administrator can disable a user's 2FA if phone is lost. User must reconfigure on next login.

API tokens enable programmatic access to KaliaOps.

Use cases

• Integrations: Connection with third-party tools
• Automation: Synchronization scripts
• Monitoring: Metrics collection

Creating a token

1. Menu My Account → API Tokens
2. Click "New token"
3. Name the token (e.g., "Zabbix Integration")
4. Select scopes (permissions)
5. Set expiration date
6. Copy generated token

Available scopes

Security

• Token is only displayed once at creation
• Tokens are hashed in database
• Revoke compromised tokens immediately
• Use dedicated tokens per integration

Webhooks notify external systems when KaliaOps events occur.

Supported events

• Incidents: Creation, update, resolution
• Changes: Submission, approval, implementation
• Assets: Creation, modification, deletion
• SLA: Breach alerts

Creating a webhook

1. Menu Settings → Webhooks
2. Click "New webhook"
3. Enter destination URL
4. Select events to notify
5. Configure secret key (HMAC signature)
6. Enable webhook

Payload format

Webhooks send POST requests with JSON payload:

{
  "event": "incident.created",
  "timestamp": "2026-01-07T10:30:00Z",
  "data": {
    "id": 123,
    "reference": "INC-2026-0042",
    "title": "Web server unavailable",
    "priority": "high"
  }
}

Signature verification

Each request includes an X-KaliaOps-Signature header to verify authenticity.

Logs and retry

• Webhook calls are logged
• On failure, KaliaOps retries 3 times
• Check logs to diagnose issues

Default tenant preferences

Define defaults for new users:

• Language: Interface language (en, fr, de, es, it)
• Timezone: Timezone for date display
• Date format: DD/MM/YYYY or MM/DD/YYYY
• Theme: Light, dark or auto

Configuration

1. Menu Settings → System
2. Modify default preferences
3. Save

User preferences

Each user can customize their individual preferences:

• Menu My Account → Preferences
• User preferences override defaults

Impact

Preferences affect:

• Interface and email language
• Date and time display
• Application appearance