• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Company · Blog · Newsletter · Events · Partner Program

Downloads      Support      Security     Admin Login
Rublon

Rublon

Secure Remote Access

  • Product
    • Regulatory Compliance
    • Use Cases
    • Rublon Reviews
    • Authentication Basics
    • What is MFA?
    • Importance of MFA
    • User Experience
    • Authentication Methods
    • Rublon Authenticator
    • Remembered Devices
    • Logs
    • Single Sign-On
    • Access Policies
    • Directory Sync
  • Solutions
    • MFA for Remote Desktop
    • MFA for Remote Access Software
    • MFA for Windows Logon
    • MFA for Linux
    • MFA for Active Directory
    • MFA for LDAP
    • MFA for RADIUS
    • MFA for SAML
    • MFA for RemoteApp
    • MFA for Workgroup Accounts
    • MFA for Entra ID
  • Customers
  • Industries
    • Financial Services
    • Investment Funds
    • Retail
    • Technology
    • Healthcare
    • Legal
    • Education
    • Government
  • Pricing
  • Docs
Contact Sales Free Trial

Multi-Factor Authentication (2FA/MFA) for Zabbix – LDAP(S)

September 1, 2025 By Rublon Authors

Overview of MFA for Zabbix

This documentation describes how to integrate Rublon MFA with Zabbix using the LDAP(S) protocol to enable multi-factor authentication for logins to Zabbix.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push ✔ N/A
WebAuthn/U2F Security Key – N/A
Passcode ✔ N/A
SMS Passcode – N/A
SMS Link ✔ N/A
Phone Call ✔ N/A
QR Code – N/A
Email Link ✔ N/A
YubiKey OTP Security Key ✔ N/A

Before You Start Configuring MFA for Zabbix Using LDAP(S)

Before configuring Rublon MFA for Zabbix:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. Zabbix  – A properly installed and configured Zabbix.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Zabbix) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for Zabbix, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Zabbix via Mobile Push.

Download the Rublon Authenticator for:

  • Android
  • iOS
  • HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Zabbix Using LDAP(S)

Rublon Authentication Proxy

1. Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: YOURSYSTEMTOKEN
  secret_key: YOURSECRETKEY

proxy_servers:
- name: LDAP-Proxy
  type: LDAP
  ip: 0.0.0.0
  port: 636
  auth_source: LDAP_SOURCE_1
  auth_method: push, email
  rublon_section: rublon
  cert_path: /etc/ssl/certs/ca.crt
  pkey_path: /etc/ssl/certs/key.pem

auth_sources:
- name: LDAP_SOURCE_1
  type: LDAP
  ip: 172.16.0.127
  port: 636
  transport_type: ssl
  search_dn: dc=example,dc=org
  access_user_dn: cn=admin,dc=example,dc=org
  access_user_password: CHANGE_ME
  ca_certs_dir_path: /etc/ssl/certs/

Zabbix

1. Log in to the Zabbix admin panel.

2. In the left pane, select Users → Authentication → LDAP Settings.

3. Select Enable LDAP authentication and Enable JIT provisioning.

A screenshot showing LDAP settings to enable MFA for Zabbix

4. In Servers, select Add. Fill in the fields. Refer to the following image and table.

A screenshot showing how to add an LDAP server to enable MFA for Zabbix
NameDescriptive name for the LDAP connection.
HostThe IP address or hostname of the Rublon Authentication Proxy, prefixed with ldap:// for LDAP or ldaps:// for LDAPS.
PortThe port of the Rublon Authentication Proxy (636 for LDAPS; 389 for LDAP).
Base DNEnter the Base DN from which Zabbix should start searching for users (e.g., ou=Users,dc=my,dc=organization,dc=domain).

This must match what the bind account “sees”.
Search attributeLDAP attribute used for logging in and searching for users (e.g., sAMAccountName).
Bind DNThe Bind DN (the full LDAP path of the service account, e.g., CN=rublonadmin,OU=Rublon,DC=rublondemo,DC=local) that Zabbix will use to authenticate and access the LDAP directory for querying user information.

This account must have at least the permission to read other users’ attributes.

Note: This Bind DN must be the same as access_user_dn in your Rublon Auth Proxy’s config file.
Bind passwordThe password of the user defined in the Bind DN.

Note: This Bind password must be the same as access_user_password in your Rublon Auth Proxy’s config file.
DescriptionAn optional field to add a descriptive note about the LDAP connection.
Configure JIT provisioningEnable automatic creation of user accounts upon first login.
Group configurationDefine how group membership is read (e.g., using memberOf).
Group name attributeSet the LDAP attribute that holds the group’s name (e.g., sAMAccountName).
User group membership attributeSet the LDAP attribute indicating which groups a user belongs to.
User name attributeSet the LDAP attribute mapped to the user’s first name.
User last name attributeSet the LDAP attribute mapped to the user’s last name.
User group mappingDefine the rules for mapping LDAP groups to application groups/roles.

Select Add and then enter the LDAP group pattern, and then select the corresponding user groups and user roles.

Using a wildcard (*) in the LDAP group pattern can simplify setup, but it is not recommended because it creates overly broad mapping. Use exact group names or precise patterns to avoid overpermissioning.
Media type mappingOptionally define the mapping of LDAP attributes to additional user data (e.g., phone number).
StartTLSOptional. LDAPS will work even if this option is unchecked due to ldaps://, which inherently enforces TLS.
Search filterOptional. An LDAP filter that limits which users are retrieved during the search.

5. Select Test to test your configuration and then Add to save your new server.

6. Select Update again to save the changes to the LDAP settings.

A screenshot showing how to update LDAP settings to enable MFA for Zabbix

7. In Authentication, set Default authentication to LDAP and select Update.

A screenshot showing how to change the default authentication to LDAP in the Zabbix admin panel to enable multi-factor authentication for Zabbix

Testing Multi-Factor Authentication (MFA) for Zabbix Integrated Via LDAP(S)

This example portrays logging in to Zabbix with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Log in to Zabbix as a user by entering your name and password and clicking Sign in.

Image showing logging in to Zabbix

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push notification received by the user during Zabbix MFA authentication

3. You will be logged in to Zabbix.

Troubleshooting MFA for Zabbix Using LDAP(S)

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

Filed Under: Documentation

Primary Sidebar

Contents

  • Overview of MFA for Zabbix
  • Supported Authentication Methods
  • Before You Start Configuring MFA for Zabbix Using LDAP(S)
    • Required Components
    • Create an Application in the Rublon Admin Console
    • Install Rublon Authenticator
  • Configuring Multi-Factor Authentication (MFA) for Zabbix Using LDAP(S)
    • Rublon Authentication Proxy
    • Zabbix
  • Testing Multi-Factor Authentication (MFA) for Zabbix Integrated Via LDAP(S)
  • Troubleshooting MFA for Zabbix Using LDAP(S)
  • Related Posts
Try Rublon for Free
Start your 30-day Rublon Trial to secure your employees using multi-factor authentication.
No Credit Card Required


Footer

Product

  • Regulatory Compliance
  • Use Cases
  • Rublon Reviews
  • Authentication Basics
  • What is MFA?
  • Importance of MFA
  • User Experience
  • Authentication Methods
  • Rublon Authenticator
  • Remembered Devices
  • Logs
  • Single Sign-On
  • Access Policies
  • Directory Sync

Solutions

  • MFA for Remote Desktop
  • MFA for Windows Logon
  • MFA for Remote Access Software
  • MFA for Linux
  • MFA for Active Directory
  • MFA for LDAP
  • MFA for RADIUS
  • MFA for SAML
  • MFA for RemoteApp
  • MFA for Workgroup Accounts
  • MFA for Entra ID

Industries

  • Financial Services
  • Investment Funds
  • Retail
  • Technology
  • Healthcare
  • Legal
  • Education
  • Government

Documentation

  • 2FA for Windows & RDP
  • 2FA for RDS
  • 2FA for RD Gateway
  • 2FA for RD Web Access
  • 2FA for SSH
  • 2FA for OpenVPN
  • 2FA for SonicWall VPN
  • 2FA for Cisco VPN
  • 2FA for Office 365

Support

  • Knowledge Base
  • FAQ
  • System Status

About

  • About Us
  • Blog
  • Events
  • Co-funded by the European Union
  • Contact Us

  • Facebook
  • GitHub
  • LinkedIn
  • Twitter
  • YouTube

© 2025 Rublon · Imprint · Legal & Privacy · Security

  • English
  • Polski (Polish)