SSO Configuration

This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.

GET /api/v2/ssoConfigurations/

List the SSO configurations that correspond to the provided conditions.

Code samples

# You can also use wget
curl -X GET http://10.97.110.93/api/v2/ssoConfigurations/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
offset query integer false The number of records to skip over.
limit query integer false The number of records to return.
orgId query string false The ID of the organization.

Example responses

200 Response

{
  "count": 0,
  "data": [
    {
      "attributeMapping": {
        "displayName": "string",
        "email": "string",
        "firstName": "string",
        "group": "string",
        "impersonationUser": "string",
        "lastName": "string",
        "role": "string",
        "username": "string"
      },
      "autoGenerateUsers": true,
      "certificate": {
        "fileName": "string",
        "value": "string"
      },
      "configurationType": "METADATA",
      "enableSso": true,
      "enforceSso": true,
      "entityId": "string",
      "groupDelimiter": "string",
      "groupMapping": [
        {
          "datarobotGroupId": "string",
          "datarobotGroupName": "string",
          "idpGroupId": "string"
        }
      ],
      "id": "string",
      "idpMetadata": {
        "fileName": "string",
        "value": "string"
      },
      "idpMetadataHttpsVerify": true,
      "idpMetadataUrl": "http://example.com",
      "idpResponseMethod": "POST",
      "issuer": "string",
      "name": "string",
      "organizationId": "string",
      "roleDelimiter": "string",
      "roleMapping": [
        {
          "datarobotRoleId": "string",
          "idpRoleId": "string"
        }
      ],
      "securityParameters": {
        "allowUnsolicited": true,
        "authnRequestsSigned": true,
        "logoutRequestsSigned": true,
        "wantAssertionsSigned": true,
        "wantResponseSigned": true
      },
      "sessionLengthSeconds": 604800,
      "signOnUrl": "http://example.com",
      "signOutUrl": "http://example.com",
      "spRequestMethod": "POST"
    }
  ],
  "next": "string",
  "previous": "string",
  "totalCount": 0
}

Responses

Status Meaning Description Schema
200 OK List of SSO configurations. ListSsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

POST /api/v2/ssoConfigurations/

Create an SSO configuration for a specific organization.

Code samples

# You can also use wget
curl -X POST http://10.97.110.93/api/v2/ssoConfigurations/ \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Parameters

Name In Type Required Description
body body CreateSsoConfiguration false none

Example responses

200 Response

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Responses

Status Meaning Description Schema
200 OK Configuration created successfully SsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

GET /api/v2/ssoConfigurations/{configurationId}/

Retrieve SSO configuration of a specific organization.

Code samples

# You can also use wget
curl -X GET http://10.97.110.93/api/v2/ssoConfigurations/{configurationId}/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
configurationId path string true The ID of the organization to retrieve SSO config for.

Example responses

200 Response

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Responses

Status Meaning Description Schema
200 OK SSO configuration. SsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

PATCH /api/v2/ssoConfigurations/{configurationId}/

Update an SSO configuration for a specific organization.

Code samples

# You can also use wget
curl -X PATCH http://10.97.110.93/api/v2/ssoConfigurations/{configurationId}/ \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "advancedConfiguration": {
    "digestAlgorithm": "DIGEST_SHA384",
    "samlAttributesMapping": {
      "displayName": "string",
      "email": "string",
      "firstName": "string",
      "group": "string",
      "impersonationUser": "string",
      "lastName": "string",
      "role": "string",
      "username": "string"
    },
    "samlClientConfiguration": {
      "cert_file": "string",
      "cert_file_value": "string",
      "encryption_keypairs": [
        {
          "cert_file": "string",
          "cert_file_value": "string",
          "key_file": "string",
          "key_file_value": "string"
        }
      ],
      "id_attr_name": "string",
      "id_attr_name_crypto": "string",
      "key_file": "string",
      "key_file_value": "string"
    },
    "signatureAlgorithm": "SIG_RSA_SHA224"
  },
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 0,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Parameters

Name In Type Required Description
configurationId path string true The ID of the organization to retrieve SSO config for.
body body UpdateSsoConfiguration false none

Responses

Status Meaning Description Schema
200 OK none None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

Schemas

CreateSsoConfiguration

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
attributeMapping SamlAttributeMapping false none Attribute mapping between DataRobot and IdP.
autoGenerateUsers boolean false none Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false none Certificate to be used by IdP.
configurationType string true none The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean true none Defines if SSO is enabled.
enforceSso boolean true none Defines if SSO is enforced.
entityId string true none The globally unique identifier of the entity. Provided by IdP service.
groupMapping [SamlGroupMapping] false none The list of DataRobot group to identity provider group maps.
idpMetadata SamlMetadataFile false none XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false none When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl string(uri) false none URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string true none Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string false none Optional Issuer field that may be required by IdP.
name string true none The name of the SSO configuration.
organizationId string false none The organization ID to which the SSO config belongs.
roleMapping [SamlRoleMapping] false none The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false none The object that contains SAML specific directives.
sessionLengthSeconds integer true none Time window for the authentication session via IdP.
signOnUrl string(uri) false none URL to sign on via SSO.
signOutUrl string(uri) false none URL to sign out via SSO.
spRequestMethod string true none Service provider (DataRobot application) request method, used to move the user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType METADATA
configurationType METADATA_URL
configurationType MANUAL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT

EncryptionKeypairs

{
  "cert_file": "string",
  "cert_file_value": "string",
  "key_file": "string",
  "key_file_value": "string"
}

Properties

Name Type Required Restrictions Description
cert_file string false none Path to the pem file with a single certificate.
cert_file_value string false none A single certificate pem file content as a single string. Has priority over cert_file.
key_file string false none Path to the private key pem file.
key_file_value string false none The private key pem file content as a single string. Has priority over key_file.

ListSsoConfigurationResponse

{
  "count": 0,
  "data": [
    {
      "attributeMapping": {
        "displayName": "string",
        "email": "string",
        "firstName": "string",
        "group": "string",
        "impersonationUser": "string",
        "lastName": "string",
        "role": "string",
        "username": "string"
      },
      "autoGenerateUsers": true,
      "certificate": {
        "fileName": "string",
        "value": "string"
      },
      "configurationType": "METADATA",
      "enableSso": true,
      "enforceSso": true,
      "entityId": "string",
      "groupDelimiter": "string",
      "groupMapping": [
        {
          "datarobotGroupId": "string",
          "datarobotGroupName": "string",
          "idpGroupId": "string"
        }
      ],
      "id": "string",
      "idpMetadata": {
        "fileName": "string",
        "value": "string"
      },
      "idpMetadataHttpsVerify": true,
      "idpMetadataUrl": "http://example.com",
      "idpResponseMethod": "POST",
      "issuer": "string",
      "name": "string",
      "organizationId": "string",
      "roleDelimiter": "string",
      "roleMapping": [
        {
          "datarobotRoleId": "string",
          "idpRoleId": "string"
        }
      ],
      "securityParameters": {
        "allowUnsolicited": true,
        "authnRequestsSigned": true,
        "logoutRequestsSigned": true,
        "wantAssertionsSigned": true,
        "wantResponseSigned": true
      },
      "sessionLengthSeconds": 604800,
      "signOnUrl": "http://example.com",
      "signOutUrl": "http://example.com",
      "spRequestMethod": "POST"
    }
  ],
  "next": "string",
  "previous": "string",
  "totalCount": 0
}

Properties

Name Type Required Restrictions Description
count integer true none Number of SSO configurations returned.
data [SsoConfigurationResponse] true none SSO configuration.
next string¦null true none Link to the next page of the SSO configurations.
previous string¦null true none Link to the previous page of the SSO configurations.
totalCount integer true none Total number of SSO configurations.

SamlAdvancedConfiguration

{
  "digestAlgorithm": "DIGEST_SHA384",
  "samlAttributesMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "samlClientConfiguration": {
    "cert_file": "string",
    "cert_file_value": "string",
    "encryption_keypairs": [
      {
        "cert_file": "string",
        "cert_file_value": "string",
        "key_file": "string",
        "key_file_value": "string"
      }
    ],
    "id_attr_name": "string",
    "id_attr_name_crypto": "string",
    "key_file": "string",
    "key_file_value": "string"
  },
  "signatureAlgorithm": "SIG_RSA_SHA224"
}

Properties

Name Type Required Restrictions Description
digestAlgorithm string false none Algorithm for calculating digest.
samlAttributesMapping SamlAttributeMapping true none Attribute mapping between DataRobot and IdP.
samlClientConfiguration SamlClientConfig true none Encryption related parameters.
signatureAlgorithm string false none Algorithm for calculating signature.

Enumerated Values

Property Value
digestAlgorithm DIGEST_SHA384
digestAlgorithm DIGEST_SHA512
digestAlgorithm DIGEST_SHA1
digestAlgorithm DIGEST_SHA224
digestAlgorithm DIGEST_RIPEMD160
digestAlgorithm DIGEST_SHA256
signatureAlgorithm SIG_RSA_SHA224
signatureAlgorithm SIG_RSA_SHA384
signatureAlgorithm SIG_RSA_SHA256
signatureAlgorithm SIG_RSA_SHA512
signatureAlgorithm SIG_RSA_SHA1

SamlAttributeMapping

{
  "displayName": "string",
  "email": "string",
  "firstName": "string",
  "group": "string",
  "impersonationUser": "string",
  "lastName": "string",
  "role": "string",
  "username": "string"
}

Properties

Name Type Required Restrictions Description
displayName string false none Display name.
email string false none Email.
firstName string false none First name.
group string false none Group.
impersonationUser string false none Impersonation user.
lastName string false none Last name.
role string false none Role.
username string false none Username.

SamlCertificate

{
  "fileName": "string",
  "value": "string"
}

Properties

Name Type Required Restrictions Description
fileName string false none Path to certificate file.
value string true none Certificate content.

SamlClientConfig

{
  "cert_file": "string",
  "cert_file_value": "string",
  "encryption_keypairs": [
    {
      "cert_file": "string",
      "cert_file_value": "string",
      "key_file": "string",
      "key_file_value": "string"
    }
  ],
  "id_attr_name": "string",
  "id_attr_name_crypto": "string",
  "key_file": "string",
  "key_file_value": "string"
}

Properties

Name Type Required Restrictions Description
cert_file string false none Path to the pem file with a single certificate.
cert_file_value string false none A single certificate pem file content as a single string. Has priority over cert_file.
encryption_keypairs [EncryptionKeypairs] false none Indicates which certificates will be used for encryption capabilities.
id_attr_name string false none Attribute is required to be set to 'Id' value when Okta encrypted assertions are used.
id_attr_name_crypto string false none Attribute is required to be set to 'Id' value when Okta encrypted assertions are used.
key_file string false none Path to the private key pem file.
key_file_value string false none The private key pem file content as a single string. Has priority over key_file.

SamlGroupMapping

{
  "datarobotGroupId": "string",
  "idpGroupId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotGroupId string true none DataRobot group ID.
idpGroupId string true none Name of the identity provider group.

SamlGroupMappingResponse

{
  "datarobotGroupId": "string",
  "datarobotGroupName": "string",
  "idpGroupId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotGroupId string true none DataRobot group ID.
datarobotGroupName string false none DataRobot group name.
idpGroupId string true none A name of the identity provider group.

SamlMetadataFile

{
  "fileName": "string",
  "value": "string"
}

Properties

Name Type Required Restrictions Description
fileName string true none Path to IdP metadata file.
value string true none IdP metadata.

SamlRoleMapping

{
  "datarobotRoleId": "string",
  "idpRoleId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotRoleId string true none DataRobot access role ID.
idpRoleId string true none Name of the identity provider role.

SamlSecurityParameters

{
  "allowUnsolicited": true,
  "authnRequestsSigned": true,
  "logoutRequestsSigned": true,
  "wantAssertionsSigned": true,
  "wantResponseSigned": true
}

Properties

Name Type Required Restrictions Description
allowUnsolicited boolean false none Allow unsolicited.
authnRequestsSigned boolean false none Sign auth requests.
logoutRequestsSigned boolean false none Sign logout requests.
wantAssertionsSigned boolean false none Sign assertions.
wantResponseSigned boolean false none Sign response.

SsoConfigurationResponse

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
attributeMapping SamlAttributeMapping false none Attribute mapping between DataRobot and IdP.
autoGenerateUsers boolean false none Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false none Certificate to be used by IdP.
configurationType string true none The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean true none Defines if SSO is enabled.
enforceSso boolean true none Defines if SSO is enforced.
entityId string true none The globally unique identifier of the entity. Provided by IdP service.
groupDelimiter string false none A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.
groupMapping [SamlGroupMappingResponse] false none The list of DataRobot group to identity provider group maps.
id string true none SSO configuration ID.
idpMetadata SamlMetadataFile false none XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false none When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl string(uri) false none URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string true none Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string¦null false none Optional Issuer field that may be required by IdP.
name string true none The name of the SSO configuration.
organizationId string false none The organization ID to which the SSO config belongs.
roleDelimiter string false none A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.
roleMapping [SamlRoleMapping] false none The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false none The object that contains SAML specific directives.
sessionLengthSeconds integer true none Time window for the authentication session via IdP.
signOnUrl string(uri) false none URL to sign on via SSO.
signOutUrl string(uri) false none URL to sign out via SSO.
spRequestMethod string true none Service provider (DataRobot application) request method, used to move the user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType METADATA
configurationType METADATA_URL
configurationType MANUAL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT

UpdateSsoConfiguration

{
  "advancedConfiguration": {
    "digestAlgorithm": "DIGEST_SHA384",
    "samlAttributesMapping": {
      "displayName": "string",
      "email": "string",
      "firstName": "string",
      "group": "string",
      "impersonationUser": "string",
      "lastName": "string",
      "role": "string",
      "username": "string"
    },
    "samlClientConfiguration": {
      "cert_file": "string",
      "cert_file_value": "string",
      "encryption_keypairs": [
        {
          "cert_file": "string",
          "cert_file_value": "string",
          "key_file": "string",
          "key_file_value": "string"
        }
      ],
      "id_attr_name": "string",
      "id_attr_name_crypto": "string",
      "key_file": "string",
      "key_file_value": "string"
    },
    "signatureAlgorithm": "SIG_RSA_SHA224"
  },
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "METADATA",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 0,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
advancedConfiguration SamlAdvancedConfiguration false none An object containing SSO client advanced parameters.
attributeMapping SamlAttributeMapping false none Attribute mapping between DataRobot and IdP. A dict with predefined DataRobot attributes as keys and IdP attributes as values.
autoGenerateUsers boolean false none Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false none Certificate to be used by IdP.
configurationType string false none The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean false none Defines if SSO is enabled.
enforceSso boolean false none Defines if SSO is enforced.
entityId string false none The globally unique identifier of the entity. Provided by IdP service.
groupMapping [SamlGroupMapping] false none The list of DataRobot group to identity provider group maps.
idpMetadata SamlMetadataFile false none XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false none When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl string(uri) false none URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string false none Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string false none Optional Issuer field that may be required by IdP.
name string false none The name of the SSO configuration.
organizationId string false none The organization ID to which the SSO config belongs.
roleMapping [SamlRoleMapping] false none The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false none The object that contains SAML specific directives.
sessionLengthSeconds integer false none Time window for the authentication session via IdP.
signOnUrl string(uri) false none URL to sign on via SSO.
signOutUrl string(uri) false none URL to sign out via SSO.
spRequestMethod string false none Service provider (DataRobot application) request method, used to move the user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType METADATA
configurationType METADATA_URL
configurationType MANUAL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT
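
The schemas above expose several settings that decide how strictly SAML messages and IdP metadata are checked (idpMetadataHttpsVerify, the URL fields, securityParameters, and the advancedConfiguration algorithms). The following is an added example, not DataRobot code: a linter for one configuration dict (an SsoConfigurationResponse item or an UpdateSsoConfiguration body) that reports risky values. The severity labels, the max_session_seconds limit, and the reading of wantAssertionsSigned/wantResponseSigned as "require a signature" (their standard SAML meaning) are assumptions of the example; the sample configurations are constructed.

```python
from urllib.parse import urlparse

# SHA-1 based members of the digestAlgorithm / signatureAlgorithm enums on this page.
SHA1_ALGORITHMS = {"DIGEST_SHA1", "SIG_RSA_SHA1"}
# URL field -> configurationType that uses it, per the property descriptions.
URL_USED_BY = {"idpMetadataUrl": "METADATA_URL", "signOnUrl": "MANUAL", "signOutUrl": "MANUAL"}


def audit_sso_config(cfg, max_session_seconds=86400):
    """Return (severity, field, message) findings for one configuration dict.

    Severities and max_session_seconds are this example's assumptions
    (a local policy), not values defined by DataRobot.
    """
    findings = []
    ctype = cfg.get("configurationType")

    # The page warns against disabling certificate verification for metadata retrieval.
    if cfg.get("idpMetadataHttpsVerify") is False:
        findings.append(("high", "idpMetadataHttpsVerify",
                         "TLS certificate of the metadata server is not verified"))

    # Non-HTTPS endpoints: high when the active configurationType uses the field.
    for field, used_by in URL_USED_BY.items():
        url = cfg.get(field)
        if url and urlparse(url).scheme.lower() != "https":
            severity = "high" if ctype == used_by else "low"
            findings.append((severity, field, f"non-HTTPS URL: {url}"))

    # Only explicit false values are judged; omitted keys have unknown defaults.
    sec = cfg.get("securityParameters") or {}
    if sec.get("wantAssertionsSigned") is False and sec.get("wantResponseSigned") is False:
        findings.append(("high", "securityParameters",
                         "neither the response nor the assertion must be signed"))
    if sec.get("allowUnsolicited") is True:
        findings.append(("medium", "allowUnsolicited",
                         "responses not tied to an SP-issued request are accepted"))

    # advancedConfiguration exists only in the PATCH body (UpdateSsoConfiguration).
    adv = cfg.get("advancedConfiguration") or {}
    for field in ("digestAlgorithm", "signatureAlgorithm"):
        if adv.get(field) in SHA1_ALGORITHMS:
            findings.append(("high", field, f"SHA-1 based algorithm: {adv[field]}"))

    session = cfg.get("sessionLengthSeconds")
    if isinstance(session, int) and session > max_session_seconds:
        findings.append(("low", "sessionLengthSeconds",
                         f"{session}s exceeds policy limit {max_session_seconds}s"))
    return findings


def audit_list_response(response, **kwargs):
    """Audit every item of a ListSsoConfigurationResponse; returns {id: findings}."""
    return {item.get("id", "<no id>"): audit_sso_config(item, **kwargs)
            for item in response.get("data", [])}


# Constructed sample: a PATCH body with several risky values.
SAMPLE_CONFIG = {
    "name": "example-idp",
    "configurationType": "METADATA_URL",
    "enableSso": True,
    "enforceSso": True,
    "idpMetadataUrl": "http://idp.example.com/metadata",
    "idpMetadataHttpsVerify": False,
    "signOnUrl": "http://idp.example.com/sso",  # set, but unused by METADATA_URL
    "securityParameters": {
        "allowUnsolicited": True,
        "authnRequestsSigned": True,
        "logoutRequestsSigned": True,
        "wantAssertionsSigned": False,
        "wantResponseSigned": False,
    },
    "advancedConfiguration": {
        "digestAlgorithm": "DIGEST_SHA1",
        "signatureAlgorithm": "SIG_RSA_SHA256",
    },
    "sessionLengthSeconds": 604800,
}

# Constructed sample: the same configuration with the corrected values.
HARDENED_CONFIG = dict(
    SAMPLE_CONFIG,
    idpMetadataUrl="https://idp.example.com/metadata",
    idpMetadataHttpsVerify=True,
    signOnUrl="https://idp.example.com/sso",
    securityParameters=dict(SAMPLE_CONFIG["securityParameters"], allowUnsolicited=False,
                            wantAssertionsSigned=True, wantResponseSigned=True),
    advancedConfiguration={"digestAlgorithm": "DIGEST_SHA256",
                           "signatureAlgorithm": "SIG_RSA_SHA256"},
    sessionLengthSeconds=28800,
)

if __name__ == "__main__":
    for severity, field, message in audit_sso_config(SAMPLE_CONFIG):
        print(f"[{severity}] {field}: {message}")
```

Pass the parsed JSON of GET /api/v2/ssoConfigurations/ to audit_list_response to check every stored configuration, or run audit_sso_config on a PATCH body before sending it.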

Updated June 28, 2022