SSO Configuration
This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.
GET /api/v2/ssoConfigurations/
List the sso configurations that correspond to provided conditions.
Code samples
# You can also use wget
curl -X GET http://10.97.88.31/api/v2/ssoConfigurations/ \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
Name
In
Type
Required
Description
offset
query
integer
false
The number of records to skip over.
limit
query
integer
false
The number of records to return.
orgId
query
string
false
The ID of the organization.
Example responses
200 Response
{
"count" : 0 ,
"data" : [
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupDelimiter" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
],
"id" : "string" ,
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleDelimiter" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
],
"next" : "string" ,
"previous" : "string" ,
"totalCount" : 0
}
Responses
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
POST /api/v2/ssoConfigurations/
Create an SSO configuration for a specific organization
Code samples
# You can also use wget
curl -X POST http://10.97.88.31/api/v2/ssoConfigurations/ \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"idpGroupId" : "string"
}
],
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Parameters
Example responses
200 Response
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupDelimiter" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
],
"id" : "string" ,
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleDelimiter" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Responses
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
GET /api/v2/ssoConfigurations/{configurationId}/
Retrieve SSO configuration of a specific organization.
Code samples
# You can also use wget
curl -X GET http://10.97.88.31/api/v2/ssoConfigurations/{ configurationId} / \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
Name
In
Type
Required
Description
configurationId
path
string
true
The ID of the organization to retrieve SSO config for.
Example responses
200 Response
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupDelimiter" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
],
"id" : "string" ,
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleDelimiter" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Responses
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
PATCH /api/v2/ssoConfigurations/{configurationId}/
Update an SSO configuration for a specific organization.
Code samples
# You can also use wget
curl -X PATCH http://10.97.88.31/api/v2/ssoConfigurations/{ configurationId} / \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter
{
"advancedConfiguration" : {
"digestAlgorithm" : "DIGEST_RIPEMD160" ,
"samlAttributesMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"samlClientConfiguration" : {
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"encryption_keypairs" : [
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
],
"id_attr_name" : "string" ,
"id_attr_name_crypto" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
},
"signatureAlgorithm" : "SIG_RSA_SHA1"
},
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"idpGroupId" : "string"
}
],
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 0 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Parameters
Name
In
Type
Required
Description
configurationId
path
string
true
The ID of the organization to retrieve SSO config for.
body
body
UpdateSsoConfiguration
false
none
Responses
Status
Meaning
Description
Schema
200
OK
none
None
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
Schemas
CreateSsoConfiguration
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"idpGroupId" : "string"
}
],
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Properties
Name
Type
Required
Restrictions
Description
attributeMapping
EnhancedSamlAttributeMapping
false
Attribute mapping between Datarobot and IdP.
autoGenerateUsers
boolean
false
Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate
SamlCertificate
false
certificate to be used by IdP.
configurationType
string
true
The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA
- when IDP metadata is provided in the config, METADATA_URL
- when an URL for metadata retrieval is provided in the config and MANUAL
- when IDP sign-on/sign-out URLs and certificate are provided.
enableSso
boolean
true
Defines if SSO is enabled.
enforceSso
boolean
true
Defines if SSO is enforced.
entityId
string
true
The globally unique identifier of the entity. Provided by IdP service.
groupMapping
[EnhancedSamlGroupMapping ]
false
The list of DataRobot group to identity provider group maps.
idpMetadata
SamlMetadataFile
false
XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify
boolean
false
When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl
string(uri)
false
URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod
string
true
Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer
string
false
Optional Issuer field that may be required by IdP.
name
string
true
The name of the SSO configuration.
organizationId
string
false
The organization ID to which the SSO config belongs.
roleMapping
[EnhancedSamlRoleMapping ]
false
The list of DataRobot access role to identity provider role maps.
securityParameters
SamlSecurityParameters
false
The object that contains SAML specific directives.
sessionLengthSeconds
integer
true
minimum: 0 (exclusive)
Time window for the authentication session via IDP
signOnUrl
string(uri)
false
URL to sign on via SSO.
signOutUrl
string(uri)
false
URL to sign out via SSO.
spRequestMethod
string
true
Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.
Enumerated Values
Property
Value
configurationType
MANUAL
configurationType
METADATA
configurationType
METADATA_URL
idpResponseMethod
POST
idpResponseMethod
REDIRECT
spRequestMethod
POST
spRequestMethod
REDIRECT
EnhancedEncryptionKeypairs
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
cert_file
string
false
Path to the pem file with a single certificate.
cert_file_value
string
false
A single certificate pem file content as a single string. Has priority over cert_file.
key_file
string
false
Path to the private key pem file.
key_file_value
string
false
The private key pem file content as a single string. Has priority over key_file.
EnhancedSamlAttributeMapping
{
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
false
Display name.
email
string
false
Email.
firstName
string
false
First name.
group
string
false
Group.
impersonationUser
string
false
Impersonation user.
lastName
string
false
Last name.
role
string
false
Role.
username
string
false
Username.
EnhancedSamlClientConfig
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"encryption_keypairs" : [
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
],
"id_attr_name" : "string" ,
"id_attr_name_crypto" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
cert_file
string
false
Path to the pem file with a single certificate.
cert_file_value
string
false
A single certificate pem file content as a single string. Has priority over cert_file.
encryption_keypairs
[EnhancedEncryptionKeypairs ]
false
Indicates which certificates will be used for encryption capabilities.
id_attr_name
string
false
Attribute is required to be set to 'Id' value when Okta encrypted assertions are used
id_attr_name_crypto
string
false
Attribute is required to be set to 'Id' value when Okta encrypted assertions are used
key_file
string
false
Path to the private key pem file.
key_file_value
string
false
The private key pem file content as a single string. Has priority over key_file.
EnhancedSamlGroupMapping
{
"datarobotGroupId" : "string" ,
"idpGroupId" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
datarobotGroupId
string
true
DataRobot group ID.
idpGroupId
string
true
Name of the identity provider group
EnhancedSamlRoleMapping
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
datarobotRoleId
string
true
DataRobot access role ID.
idpRoleId
string
true
Name of the identity provider role.
EnhancedSsoConfigurationResponse
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupDelimiter" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
],
"id" : "string" ,
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleDelimiter" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Properties
Name
Type
Required
Restrictions
Description
attributeMapping
EnhancedSamlAttributeMapping
false
Attribute mapping between DataRobot and IdP.
autoGenerateUsers
boolean
false
Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate
SamlCertificate
false
Certificate to be used by IdP.
configurationType
string
true
The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA
- when IDP metadata is provided in the config, METADATA_URL
- when an URL for metadata retrieval is provided in the config and MANUAL
- when IDP sign-on/sign-out URLs and certificate are provided.
enableSso
boolean
true
Defines if SSO is enabled.
enforceSso
boolean
true
Defines if SSO is enforced.
entityId
string
true
The globally unique identifier of the entity. Provided by IdP service.
groupDelimiter
string
false
A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.
groupMapping
[SamlGroupMappingResponse ]
false
The list of DataRobot group to identity provider group maps.
id
string
true
SSO configuration ID.
idpMetadata
SamlMetadataFile
false
XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify
boolean
false
When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl
string(uri)
false
URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod
string
true
Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer
string¦null
false
Optional Issuer field that may be required by IdP.
name
string
true
The name of the SSO configuration.
organizationId
string
false
The organization ID to which the SSO config belongs.
roleDelimiter
string
false
A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.
roleMapping
[EnhancedSamlRoleMapping ]
false
The list of DataRobot access role to identity provider role maps.
securityParameters
SamlSecurityParameters
false
The object that contains SAML specific directives.
sessionLengthSeconds
integer
true
minimum: 0 (exclusive)
Time window for the authentication session via IDP
signOnUrl
string(uri)
false
URL to sign on via SSO.
signOutUrl
string(uri)
false
URL to sign out via SSO.
spRequestMethod
string
true
Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.
Enumerated Values
Property
Value
configurationType
MANUAL
configurationType
METADATA
configurationType
METADATA_URL
idpResponseMethod
POST
idpResponseMethod
REDIRECT
spRequestMethod
POST
spRequestMethod
REDIRECT
ListSsoConfigurationResponse
{
"count" : 0 ,
"data" : [
{
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupDelimiter" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
],
"id" : "string" ,
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleDelimiter" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 604800 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
],
"next" : "string" ,
"previous" : "string" ,
"totalCount" : 0
}
Properties
Name
Type
Required
Restrictions
Description
count
integer
true
minimum: 0
Number of SSO configurations returned.
data
[EnhancedSsoConfigurationResponse ]
true
SSO configuration.
next
string¦null
true
Link to the next page of the SSO configurations.
previous
string¦null
true
Link to the previous page of the SSO configurations.
totalCount
integer
true
minimum: 0
Total number of SSO configurations.
SamlAdvancedConfiguration
{
"digestAlgorithm" : "DIGEST_RIPEMD160" ,
"samlAttributesMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"samlClientConfiguration" : {
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"encryption_keypairs" : [
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
],
"id_attr_name" : "string" ,
"id_attr_name_crypto" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
},
"signatureAlgorithm" : "SIG_RSA_SHA1"
}
Properties
Name
Type
Required
Restrictions
Description
digestAlgorithm
string
false
Algorithm for calculating digest.
samlAttributesMapping
EnhancedSamlAttributeMapping
true
Attribute mapping between DataRobot and IdP.
samlClientConfiguration
EnhancedSamlClientConfig
true
Encryption related parameters.
signatureAlgorithm
string
false
Algorithm for calculating signature.
Enumerated Values
Property
Value
digestAlgorithm
DIGEST_RIPEMD160
digestAlgorithm
DIGEST_SHA1
digestAlgorithm
DIGEST_SHA224
digestAlgorithm
DIGEST_SHA256
digestAlgorithm
DIGEST_SHA384
digestAlgorithm
DIGEST_SHA512
signatureAlgorithm
SIG_RSA_SHA1
signatureAlgorithm
SIG_RSA_SHA224
signatureAlgorithm
SIG_RSA_SHA256
signatureAlgorithm
SIG_RSA_SHA384
signatureAlgorithm
SIG_RSA_SHA512
SamlCertificate
{
"fileName" : "string" ,
"value" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
fileName
string
false
Path to certificate file.
value
string
true
Certificate content.
SamlGroupMappingResponse
{
"datarobotGroupId" : "string" ,
"datarobotGroupName" : "string" ,
"idpGroupId" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
datarobotGroupId
string
true
DataRobot group ID.
datarobotGroupName
string
false
DataRobot group name.
idpGroupId
string
true
A name of the identity provider group.
{
"fileName" : "string" ,
"value" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
fileName
string
true
Path to IdP metadata file.
value
string
true
IdP metadata.
SamlSecurityParameters
{
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
}
Properties
Name
Type
Required
Restrictions
Description
allowUnsolicited
boolean
false
Allow unsolicited.
authnRequestsSigned
boolean
false
Sign auth requests.
logoutRequestsSigned
boolean
false
Sign logout requests.
wantAssertionsSigned
boolean
false
Sign assertions.
wantResponseSigned
boolean
false
Sign response.
UpdateSsoConfiguration
{
"advancedConfiguration" : {
"digestAlgorithm" : "DIGEST_RIPEMD160" ,
"samlAttributesMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"samlClientConfiguration" : {
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"encryption_keypairs" : [
{
"cert_file" : "string" ,
"cert_file_value" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
}
],
"id_attr_name" : "string" ,
"id_attr_name_crypto" : "string" ,
"key_file" : "string" ,
"key_file_value" : "string"
},
"signatureAlgorithm" : "SIG_RSA_SHA1"
},
"attributeMapping" : {
"displayName" : "string" ,
"email" : "string" ,
"firstName" : "string" ,
"group" : "string" ,
"impersonationUser" : "string" ,
"lastName" : "string" ,
"role" : "string" ,
"username" : "string"
},
"autoGenerateUsers" : true ,
"certificate" : {
"fileName" : "string" ,
"value" : "string"
},
"configurationType" : "MANUAL" ,
"enableSso" : true ,
"enforceSso" : true ,
"entityId" : "string" ,
"groupMapping" : [
{
"datarobotGroupId" : "string" ,
"idpGroupId" : "string"
}
],
"idpMetadata" : {
"fileName" : "string" ,
"value" : "string"
},
"idpMetadataHttpsVerify" : true ,
"idpMetadataUrl" : "http://example.com" ,
"idpResponseMethod" : "POST" ,
"issuer" : "string" ,
"name" : "string" ,
"organizationId" : "string" ,
"roleMapping" : [
{
"datarobotRoleId" : "string" ,
"idpRoleId" : "string"
}
],
"securityParameters" : {
"allowUnsolicited" : true ,
"authnRequestsSigned" : true ,
"logoutRequestsSigned" : true ,
"wantAssertionsSigned" : true ,
"wantResponseSigned" : true
},
"sessionLengthSeconds" : 0 ,
"signOnUrl" : "http://example.com" ,
"signOutUrl" : "http://example.com" ,
"spRequestMethod" : "POST"
}
Properties
Name
Type
Required
Restrictions
Description
advancedConfiguration
SamlAdvancedConfiguration
false
An object containing SSO client advanced parameters.
attributeMapping
EnhancedSamlAttributeMapping
false
Attribute mapping between Datarobot and IdP. The dict that have predefined datarobot attributes in keys and idp attribute in values.
autoGenerateUsers
boolean
false
determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate
SamlCertificate
false
Certificate to be used by IdP.
configurationType
string
false
The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA
- when IDP metadata is provided in the config, METADATA_URL
- when an URL for metadata retrieval is provided in the config and MANUAL
- when IDP sign-on/sign-out URLs and certificate are provided.
enableSso
boolean
false
Defines if SSO is enabled.
enforceSso
boolean
false
Defines if SSO is enforced.
entityId
string
false
The globally unique identifier of the entity. Provided by IdP service.
groupMapping
[EnhancedSamlGroupMapping ]
false
The list of DataRobot group to identity provider group maps.
idpMetadata
SamlMetadataFile
false
XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify
boolean
false
When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl
string(uri)
false
URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod
string
false
Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer
string
false
Optional Issuer field that may be required by IdP.
name
string
false
The name of the SSO configuration.
organizationId
string
false
The organization ID to which the SSO config belongs.
roleMapping
[EnhancedSamlRoleMapping ]
false
The list of DataRobot access role to identity provider role maps.
securityParameters
SamlSecurityParameters
false
The object that contains SAML specific directives.
sessionLengthSeconds
integer
false
Time window for the authentication session via IdP.
signOnUrl
string(uri)
false
URL to sign on via SSO.
signOutUrl
string(uri)
false
URL to sign out via SSO.
spRequestMethod
string
false
Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.
Enumerated Values
Property
Value
configurationType
MANUAL
configurationType
METADATA
configurationType
METADATA_URL
idpResponseMethod
POST
idpResponseMethod
REDIRECT
spRequestMethod
POST
spRequestMethod
REDIRECT
Updated September 19, 2023
Submit
Thanks for your feedback!