SSO Configuration¶
This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.
GET /api/v2/ssoConfigurations/¶
List the sso configurations that correspond to provided conditions.
Code samples¶
# You can also use wget
curl -X GET http://10.97.88.31/api/v2/ssoConfigurations/ \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| offset | query | integer | false | The number of records to skip over. |
| limit | query | integer | false | The number of records to return. |
| orgId | query | string | false | The ID of the organization. |
Example responses¶
200 Response
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | List of sso configurations. | ListSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
POST /api/v2/ssoConfigurations/¶
Create an SSO configuration for a specific organization
Code samples¶
# You can also use wget
curl -X POST http://10.97.88.31/api/v2/ssoConfigurations/ \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter¶
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | CreateSsoConfiguration | false | none |
Example responses¶
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Configuration created successfully | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
GET /api/v2/ssoConfigurations/{configurationId}/¶
Retrieve SSO configuration of a specific organization.
Code samples¶
# You can also use wget
curl -X GET http://10.97.88.31/api/v2/ssoConfigurations/{configurationId}/ \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
Example responses¶
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | SSO configuration. | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
PATCH /api/v2/ssoConfigurations/{configurationId}/¶
Update an SSO configuration for a specific organization.
Code samples¶
# You can also use wget
curl -X PATCH http://10.97.88.31/api/v2/ssoConfigurations/{configurationId}/ \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter¶
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
| body | body | UpdateSsoConfiguration | false | none |
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | none | None |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
Schemas¶
CreateSsoConfiguration
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | Attribute mapping between Datarobot and IdP. | |
| autoGenerateUsers | boolean | false | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | |
| certificate | SamlCertificate | false | certificate to be used by IdP. | |
| configurationType | string | true | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in theconfig, METADATA_URL - when an URL for metadata retrieval is provided in the config andMANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
|
| enableSso | boolean | true | Defines if SSO is enabled. | |
| enforceSso | boolean | true | Defines if SSO is enforced. | |
| entityId | string | true | The globally unique identifier of the entity. Provided by IdP service. | |
| groupMapping | [EnhancedSamlGroupMapping] | false | The list of DataRobot group to identity provider group maps. | |
| idpMetadata | SamlMetadataFile | false | XML document, IdP SSO descriptor. Provided by IdP service. | |
| idpMetadataHttpsVerify | boolean | false | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
|
| idpMetadataUrl | string(uri) | false | URL to the IdP SSO descriptor. Provided by IdP service. | |
| idpResponseMethod | string | true | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | |
| issuer | string | false | Optional Issuer field that may be required by IdP. | |
| name | string | true | The name of the SSO configuration. | |
| organizationId | string | false | The organization ID to which the SSO config belongs. | |
| roleMapping | [EnhancedSamlRoleMapping] | false | The list of DataRobot access role to identity provider role maps. | |
| securityParameters | SamlSecurityParameters | false | The object that contains SAML specific directives. | |
| sessionLengthSeconds | integer | true | minimum: 0 (exclusive) |
Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | URL to sign on via SSO. | |
| signOutUrl | string(uri) | false | URL to sign out via SSO. | |
| spRequestMethod | string | true | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
EnhancedEncryptionKeypairs
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | Path to the pem file with a single certificate. | |
| cert_file_value | string | false | A single certificate pem file content as a single string. Has priority over cert_file. | |
| key_file | string | false | Path to the private key pem file. | |
| key_file_value | string | false | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlAttributeMapping
{
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | false | Display name. | |
| string | false | Email. | ||
| firstName | string | false | First name. | |
| group | string | false | Group. | |
| impersonationUser | string | false | Impersonation user. | |
| lastName | string | false | Last name. | |
| role | string | false | Role. | |
| username | string | false | Username. |
EnhancedSamlClientConfig
{
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | Path to the pem file with a single certificate. | |
| cert_file_value | string | false | A single certificate pem file content as a single string. Has priority over cert_file. | |
| encryption_keypairs | [EnhancedEncryptionKeypairs] | false | Indicates which certificates will be used for encryption capabilities. | |
| id_attr_name | string | false | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used | |
| id_attr_name_crypto | string | false | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used | |
| key_file | string | false | Path to the private key pem file. | |
| key_file_value | string | false | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlGroupMapping
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | DataRobot group ID. | |
| idpGroupId | string | true | Name of the identity provider group |
EnhancedSamlRoleMapping
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotRoleId | string | true | DataRobot access role ID. | |
| idpRoleId | string | true | Name of the identity provider role. |
EnhancedSsoConfigurationResponse
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | Attribute mapping between DataRobot and IdP. | |
| autoGenerateUsers | boolean | false | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | |
| certificate | SamlCertificate | false | Certificate to be used by IdP. | |
| configurationType | string | true | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in theconfig, METADATA_URL - when an URL for metadata retrieval is provided in the config andMANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
|
| enableSso | boolean | true | Defines if SSO is enabled. | |
| enforceSso | boolean | true | Defines if SSO is enforced. | |
| entityId | string | true | The globally unique identifier of the entity. Provided by IdP service. | |
| groupDelimiter | string | false | A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list. | |
| groupMapping | [SamlGroupMappingResponse] | false | The list of DataRobot group to identity provider group maps. | |
| id | string | true | SSO configuration ID. | |
| idpMetadata | SamlMetadataFile | false | XML document, IdP SSO descriptor. Provided by IdP service. | |
| idpMetadataHttpsVerify | boolean | false | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
|
| idpMetadataUrl | string(uri) | false | URL to the IdP SSO descriptor. Provided by IdP service. | |
| idpResponseMethod | string | true | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | |
| issuer | string¦null | false | Optional Issuer field that may be required by IdP. | |
| name | string | true | The name of the SSO configuration. | |
| organizationId | string | false | The organization ID to which the SSO config belongs. | |
| roleDelimiter | string | false | A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list. | |
| roleMapping | [EnhancedSamlRoleMapping] | false | The list of DataRobot access role to identity provider role maps. | |
| securityParameters | SamlSecurityParameters | false | The object that contains SAML specific directives. | |
| sessionLengthSeconds | integer | true | minimum: 0 (exclusive) |
Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | URL to sign on via SSO. | |
| signOutUrl | string(uri) | false | URL to sign out via SSO. | |
| spRequestMethod | string | true | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
ListSsoConfigurationResponse
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| count | integer | true | minimum: 0 |
Number of SSO configurations returned. |
| data | [EnhancedSsoConfigurationResponse] | true | SSO configuration. | |
| next | string¦null | true | Link to the next page of the SSO configurations. | |
| previous | string¦null | true | Link to the previous page of the SSO configurations. | |
| totalCount | integer | true | minimum: 0 |
Total number of SSO configurations. |
SamlAdvancedConfiguration
{
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| digestAlgorithm | string | false | Algorithm for calculating digest. | |
| samlAttributesMapping | EnhancedSamlAttributeMapping | true | Attribute mapping between DataRobot and IdP. | |
| samlClientConfiguration | EnhancedSamlClientConfig | true | Encryption related parameters. | |
| signatureAlgorithm | string | false | Algorithm for calculating signature. |
Enumerated Values¶
| Property | Value |
|---|---|
| digestAlgorithm | DIGEST_RIPEMD160 |
| digestAlgorithm | DIGEST_SHA1 |
| digestAlgorithm | DIGEST_SHA224 |
| digestAlgorithm | DIGEST_SHA256 |
| digestAlgorithm | DIGEST_SHA384 |
| digestAlgorithm | DIGEST_SHA512 |
| signatureAlgorithm | SIG_RSA_SHA1 |
| signatureAlgorithm | SIG_RSA_SHA224 |
| signatureAlgorithm | SIG_RSA_SHA256 |
| signatureAlgorithm | SIG_RSA_SHA384 |
| signatureAlgorithm | SIG_RSA_SHA512 |
SamlCertificate
{
"fileName": "string",
"value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | false | Path to certificate file. | |
| value | string | true | Certificate content. |
SamlGroupMappingResponse
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | DataRobot group ID. | |
| datarobotGroupName | string | false | DataRobot group name. | |
| idpGroupId | string | true | A name of the identity provider group. |
SamlMetadataFile
{
"fileName": "string",
"value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | true | Path to IdP metadata file. | |
| value | string | true | IdP metadata. |
SamlSecurityParameters
{
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| allowUnsolicited | boolean | false | Allow unsolicited. | |
| authnRequestsSigned | boolean | false | Sign auth requests. | |
| logoutRequestsSigned | boolean | false | Sign logout requests. | |
| wantAssertionsSigned | boolean | false | Sign assertions. | |
| wantResponseSigned | boolean | false | Sign response. |
UpdateSsoConfiguration
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| advancedConfiguration | SamlAdvancedConfiguration | false | An object containing SSO client advanced parameters. | |
| attributeMapping | EnhancedSamlAttributeMapping | false | Attribute mapping between Datarobot and IdP. The dict that have predefined datarobot attributes in keys and idp attribute in values. | |
| autoGenerateUsers | boolean | false | determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | |
| certificate | SamlCertificate | false | Certificate to be used by IdP. | |
| configurationType | string | false | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
|
| enableSso | boolean | false | Defines if SSO is enabled. | |
| enforceSso | boolean | false | Defines if SSO is enforced. | |
| entityId | string | false | The globally unique identifier of the entity. Provided by IdP service. | |
| groupMapping | [EnhancedSamlGroupMapping] | false | The list of DataRobot group to identity provider group maps. | |
| idpMetadata | SamlMetadataFile | false | XML document, IdP SSO descriptor. Provided by IdP service. | |
| idpMetadataHttpsVerify | boolean | false | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. | |
| idpMetadataUrl | string(uri) | false | URL to the IdP SSO descriptor. Provided by IdP service. | |
| idpResponseMethod | string | false | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | |
| issuer | string | false | Optional Issuer field that may be required by IdP. | |
| name | string | false | The name of the SSO configuration. | |
| organizationId | string | false | The organization ID to which the SSO config belongs. | |
| roleMapping | [EnhancedSamlRoleMapping] | false | The list of DataRobot access role to identity provider role maps. | |
| securityParameters | SamlSecurityParameters | false | The object that contains SAML specific directives. | |
| sessionLengthSeconds | integer | false | Time window for the authentication session via IdP. | |
| signOnUrl | string(uri) | false | URL to sign on via SSO. | |
| signOutUrl | string(uri) | false | URL to sign out via SSO. | |
| spRequestMethod | string | false | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
Updated September 19, 2023
Was this page helpful?
Great! Let us know what you found helpful.
What can we do to improve the content?
Thanks for your feedback!