SSO Configuration¶
This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.
GET /api/v2/ssoConfigurations/¶
List the sso configurations that correspond to provided conditions.
Code samples¶
# You can also use wget
curl -X GET http://10.97.68.125/api/v2/ssoConfigurations/ \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| offset | query | integer | false | The number of records to skip over. |
| limit | query | integer | false | The number of records to return. |
| orgId | query | string | false | The ID of the organization. |
Example responses¶
200 Response
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | List of sso configurations. | ListSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
POST /api/v2/ssoConfigurations/¶
Create an SSO configuration for a specific organization
Code samples¶
# You can also use wget
curl -X POST http://10.97.68.125/api/v2/ssoConfigurations/ \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter¶
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | CreateSsoConfiguration | false | none |
Example responses¶
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Configuration created successfully | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
GET /api/v2/ssoConfigurations/{configurationId}/¶
Retrieve SSO configuration of a specific organization.
Code samples¶
# You can also use wget
curl -X GET http://10.97.68.125/api/v2/ssoConfigurations/{configurationId}/ \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
Example responses¶
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | SSO configuration. | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
PATCH /api/v2/ssoConfigurations/{configurationId}/¶
Update an SSO configuration for a specific organization.
Code samples¶
# You can also use wget
curl -X PATCH http://10.97.68.125/api/v2/ssoConfigurations/{configurationId}/ \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {access-token}'
Body parameter¶
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
| body | body | UpdateSsoConfiguration | false | none |
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | none | None |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
Schemas¶
CreateSsoConfiguration
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | none | Attribute mapping between Datarobot and IdP. |
| autoGenerateUsers | boolean | false | none | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | none | certificate to be used by IdP. |
| configurationType | string | true | none | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in theconfig, METADATA_URL - when an URL for metadata retrieval is provided in the config andMANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | true | none | Defines if SSO is enabled. |
| enforceSso | boolean | true | none | Defines if SSO is enforced. |
| entityId | string | true | none | The globally unique identifier of the entity. Provided by IdP service. |
| groupMapping | [EnhancedSamlGroupMapping] | false | none | The list of DataRobot group to identity provider group maps. |
| idpMetadata | SamlMetadataFile | false | none | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | none | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | none | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | true | none | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string | false | none | Optional Issuer field that may be required by IdP. |
| name | string | true | none | The name of the SSO configuration. |
| organizationId | string | false | none | The organization ID to which the SSO config belongs. |
| roleMapping | [EnhancedSamlRoleMapping] | false | none | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | none | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | true | none | Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | none | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | none | URL to sign out via SSO. |
| spRequestMethod | string | true | none | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
EnhancedEncryptionKeypairs
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | none | Path to the pem file with a single certificate. |
| cert_file_value | string | false | none | A single certificate pem file content as a single string. Has priority over cert_file. |
| key_file | string | false | none | Path to the private key pem file. |
| key_file_value | string | false | none | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlAttributeMapping
{
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | false | none | Display name. |
| string | false | none | Email. | |
| firstName | string | false | none | First name. |
| group | string | false | none | Group. |
| impersonationUser | string | false | none | Impersonation user. |
| lastName | string | false | none | Last name. |
| role | string | false | none | Role. |
| username | string | false | none | Username. |
EnhancedSamlClientConfig
{
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | none | Path to the pem file with a single certificate. |
| cert_file_value | string | false | none | A single certificate pem file content as a single string. Has priority over cert_file. |
| encryption_keypairs | [EnhancedEncryptionKeypairs] | false | none | Indicates which certificates will be used for encryption capabilities. |
| id_attr_name | string | false | none | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used |
| id_attr_name_crypto | string | false | none | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used |
| key_file | string | false | none | Path to the private key pem file. |
| key_file_value | string | false | none | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlGroupMapping
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | none | DataRobot group ID. |
| idpGroupId | string | true | none | Name of the identity provider group |
EnhancedSamlRoleMapping
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotRoleId | string | true | none | DataRobot access role ID. |
| idpRoleId | string | true | none | Name of the identity provider role. |
EnhancedSsoConfigurationResponse
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | none | Attribute mapping between DataRobot and IdP. |
| autoGenerateUsers | boolean | false | none | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | none | Certificate to be used by IdP. |
| configurationType | string | true | none | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in theconfig, METADATA_URL - when an URL for metadata retrieval is provided in the config andMANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | true | none | Defines if SSO is enabled. |
| enforceSso | boolean | true | none | Defines if SSO is enforced. |
| entityId | string | true | none | The globally unique identifier of the entity. Provided by IdP service. |
| groupDelimiter | string | false | none | A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list. |
| groupMapping | [SamlGroupMappingResponse] | false | none | The list of DataRobot group to identity provider group maps. |
| id | string | true | none | SSO configuration ID. |
| idpMetadata | SamlMetadataFile | false | none | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | none | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | none | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | true | none | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string¦null | false | none | Optional Issuer field that may be required by IdP. |
| name | string | true | none | The name of the SSO configuration. |
| organizationId | string | false | none | The organization ID to which the SSO config belongs. |
| roleDelimiter | string | false | none | A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list. |
| roleMapping | [EnhancedSamlRoleMapping] | false | none | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | none | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | true | none | Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | none | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | none | URL to sign out via SSO. |
| spRequestMethod | string | true | none | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
ListSsoConfigurationResponse
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| count | integer | true | none | Number of SSO configurations returned. |
| data | [EnhancedSsoConfigurationResponse] | true | none | SSO configuration. |
| next | string¦null | true | none | Link to the next page of the SSO configurations. |
| previous | string¦null | true | none | Link to the previous page of the SSO configurations. |
| totalCount | integer | true | none | Total number of SSO configurations. |
SamlAdvancedConfiguration
{
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| digestAlgorithm | string | false | none | Algorithm for calculating digest. |
| samlAttributesMapping | EnhancedSamlAttributeMapping | true | none | Attribute mapping between DataRobot and IdP. |
| samlClientConfiguration | EnhancedSamlClientConfig | true | none | Encryption related parameters. |
| signatureAlgorithm | string | false | none | Algorithm for calculating signature. |
Enumerated Values¶
| Property | Value |
|---|---|
| digestAlgorithm | DIGEST_RIPEMD160 |
| digestAlgorithm | DIGEST_SHA1 |
| digestAlgorithm | DIGEST_SHA224 |
| digestAlgorithm | DIGEST_SHA256 |
| digestAlgorithm | DIGEST_SHA384 |
| digestAlgorithm | DIGEST_SHA512 |
| signatureAlgorithm | SIG_RSA_SHA1 |
| signatureAlgorithm | SIG_RSA_SHA224 |
| signatureAlgorithm | SIG_RSA_SHA256 |
| signatureAlgorithm | SIG_RSA_SHA384 |
| signatureAlgorithm | SIG_RSA_SHA512 |
SamlCertificate
{
"fileName": "string",
"value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | false | none | Path to certificate file. |
| value | string | true | none | Certificate content. |
SamlGroupMappingResponse
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | none | DataRobot group ID. |
| datarobotGroupName | string | false | none | DataRobot group name. |
| idpGroupId | string | true | none | A name of the identity provider group. |
SamlMetadataFile
{
"fileName": "string",
"value": "string"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | true | none | Path to IdP metadata file. |
| value | string | true | none | IdP metadata. |
SamlSecurityParameters
{
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| allowUnsolicited | boolean | false | none | Allow unsolicited. |
| authnRequestsSigned | boolean | false | none | Sign auth requests. |
| logoutRequestsSigned | boolean | false | none | Sign logout requests. |
| wantAssertionsSigned | boolean | false | none | Sign assertions. |
| wantResponseSigned | boolean | false | none | Sign response. |
UpdateSsoConfiguration
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| advancedConfiguration | SamlAdvancedConfiguration | false | none | An object containing SSO client advanced parameters. |
| attributeMapping | EnhancedSamlAttributeMapping | false | none | Attribute mapping between Datarobot and IdP. The dict that have predefined datarobot attributes in keys and idp attribute in values. |
| autoGenerateUsers | boolean | false | none | determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | none | Certificate to be used by IdP. |
| configurationType | string | false | none | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | false | none | Defines if SSO is enabled. |
| enforceSso | boolean | false | none | Defines if SSO is enforced. |
| entityId | string | false | none | The globally unique identifier of the entity. Provided by IdP service. |
| groupMapping | [EnhancedSamlGroupMapping] | false | none | The list of DataRobot group to identity provider group maps. |
| idpMetadata | SamlMetadataFile | false | none | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | none | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | none | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | false | none | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string | false | none | Optional Issuer field that may be required by IdP. |
| name | string | false | none | The name of the SSO configuration. |
| organizationId | string | false | none | The organization ID to which the SSO config belongs. |
| roleMapping | [EnhancedSamlRoleMapping] | false | none | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | none | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | false | none | Time window for the authentication session via IdP. |
| signOnUrl | string(uri) | false | none | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | none | URL to sign out via SSO. |
| spRequestMethod | string | false | none | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | MANUAL |
| configurationType | METADATA |
| configurationType | METADATA_URL |
| idpResponseMethod | POST |
| idpResponseMethod | REDIRECT |
| spRequestMethod | POST |
| spRequestMethod | REDIRECT |
Updated March 22, 2023
Was this page helpful?
Great! Let us know what you found helpful.
What can we do to improve the content?
Thanks for your feedback!