SSO configuration
Use the endpoints described below to configure single sign-on for your organization.
List SSO configurations
Operation path: GET /api/v2/ssoConfigurations/
Authentication requirements: BearerAuth
List the SSO configurations that match the provided conditions.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| offset | query | integer | false | The number of records to skip over. |
| limit | query | integer | false | The number of records to return. |
| orgId | query | string | false | The ID of the organization. |
Example responses
200 Response
{
"properties": {
"count": {
"description": "Number of SSO configurations returned.",
"minimum": 0,
"type": "integer"
},
"data": {
"description": "SSO configuration.",
"items": {
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration ID.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
},
"maxItems": 1000,
"type": "array"
},
"next": {
"description": "Link to the next page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"previous": {
"description": "Link to the previous page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"totalCount": {
"description": "Total number of SSO configurations.",
"minimum": 0,
"type": "integer"
}
},
"required": [
"count",
"data",
"next",
"previous",
"totalCount"
],
"type": "object"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | List of SSO configurations. | ListSsoConfigurationResponse |
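A defender's use of this response, as an added example that is not DataRobot code: the function below reviews each item of `data` for the settings the schema itself flags (`idpMetadataHttpsVerify`) and for the SAML directives under `securityParameters`. The severity labels, the `MAX_SESSION_SECONDS` ceiling and the two sample records are assumptions constructed for this example; it works on an already-decoded page so it runs offline.

```python
from urllib.parse import urlparse

# Audit policy of this example (assumption, not a DataRobot default or recommendation).
MAX_SESSION_SECONDS = 24 * 60 * 60


def audit_sso_config(cfg, max_session=MAX_SESSION_SECONDS):
    """Return [(severity, field, message)] for one item of the response's `data` array."""
    findings = []
    sec = cfg.get("securityParameters") or {}

    # Signature requirements: flag an explicit opt-out of both, and surface unset
    # flags separately because the schema does not state their defaults.
    sig = {k: sec.get(k) for k in ("wantAssertionsSigned", "wantResponseSigned")}
    if all(v is False for v in sig.values()):
        findings.append(("high", "securityParameters",
                         "neither signed responses nor signed assertions are required"))
    else:
        for key, value in sig.items():
            if value is None:
                findings.append(("info", f"securityParameters.{key}",
                                 "not present; confirm the effective default"))

    if sec.get("allowUnsolicited") is True:
        findings.append(("medium", "securityParameters.allowUnsolicited",
                         "responses need not match an outstanding AuthnRequest"))

    # Metadata retrieved by URL is only as trustworthy as the channel it came over.
    if cfg.get("configurationType") == "METADATA_URL":
        scheme = urlparse(cfg.get("idpMetadataUrl") or "").scheme.lower()
        if scheme != "https":
            findings.append(("high", "idpMetadataUrl",
                             "metadata URL is missing or not https"))
        elif cfg.get("idpMetadataHttpsVerify") is False:
            findings.append(("high", "idpMetadataHttpsVerify",
                             "certificate verification is off for the metadata URL"))

    if cfg.get("enableSso") and not cfg.get("enforceSso"):
        findings.append(("low", "enforceSso", "SSO is enabled but not enforced"))

    session = cfg.get("sessionLengthSeconds")
    if isinstance(session, int) and session > max_session:
        findings.append(("medium", "sessionLengthSeconds",
                         f"{session}s exceeds the {max_session}s policy ceiling"))

    if cfg.get("autoGenerateUsers") is True:
        findings.append(("info", "autoGenerateUsers",
                         "accounts are created on first successful IdP login"))
    return findings


def audit_page(page):
    """Audit one decoded list response; return ({config id: findings}, next page link)."""
    return ({c["id"]: audit_sso_config(c) for c in page["data"]}, page.get("next"))


# Constructed sample shaped like the 200 response above (all values are made up).
SAMPLE_PAGE = {
    "count": 2, "totalCount": 2, "next": None, "previous": None,
    "data": [
        {"id": "cfg-weak", "name": "legacy-idp", "configurationType": "METADATA_URL",
         "entityId": "https://idp.example.test/entity", "enableSso": True,
         "enforceSso": False, "idpResponseMethod": "POST", "spRequestMethod": "REDIRECT",
         "sessionLengthSeconds": 604800, "autoGenerateUsers": True,
         "idpMetadataUrl": "https://idp.example.test/metadata",
         "idpMetadataHttpsVerify": False,
         "securityParameters": {"allowUnsolicited": True,
                                "wantAssertionsSigned": False,
                                "wantResponseSigned": False}},
        {"id": "cfg-hardened", "name": "primary-idp", "configurationType": "METADATA_URL",
         "entityId": "https://idp.example.test/entity2", "enableSso": True,
         "enforceSso": True, "idpResponseMethod": "POST", "spRequestMethod": "REDIRECT",
         "sessionLengthSeconds": 28800, "autoGenerateUsers": False,
         "idpMetadataUrl": "https://idp.example.test/metadata2",
         "idpMetadataHttpsVerify": True,
         "securityParameters": {"allowUnsolicited": False,
                                "wantAssertionsSigned": True,
                                "wantResponseSigned": True}},
    ],
}

if __name__ == "__main__":
    results, next_link = audit_page(SAMPLE_PAGE)
    for config_id, found in results.items():
        print(config_id, "OK" if not found else "")
        for severity, field, message in found:
            print(f"  [{severity}] {field}: {message}")
```

When `next` is not null, fetch that link with the same bearer token and pass each further page to `audit_page`.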
Create an SSO configuration
Operation path: POST /api/v2/ssoConfigurations/
Authentication requirements: BearerAuth
Create an SSO configuration for a specific organization.
Body parameter
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | CreateSsoConfiguration | false | none |
Example responses
200 Response
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration ID.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Configuration created successfully | EnhancedSsoConfigurationResponse |
Retrieve SSO configuration of a specific organization by configuration ID
Operation path: GET /api/v2/ssoConfigurations/{configurationId}/
Authentication requirements: BearerAuth
Retrieve SSO configuration of a specific organization.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
Example responses
200 Response
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration ID.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | SSO configuration. | EnhancedSsoConfigurationResponse |
Update an SSO configuration by configuration ID
Operation path: PATCH /api/v2/ssoConfigurations/{configurationId}/
Authentication requirements: BearerAuth
Update an SSO configuration for a specific organization.
Body parameter
{
"properties": {
"advancedConfiguration": {
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
"description": "Algorithm for calculating digest.",
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
"description": "Algorithm for calculating signature.",
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
},
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: `METADATA` - when IDP metadata is provided in the config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"description": "Time window for the authentication session via IdP.",
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"type": "object"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
| body | body | UpdateSsoConfiguration | false | none |
Responses¶
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | none | None |
Schemas¶
CreateSsoConfiguration
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. |
| autoGenerateUsers | boolean | false | | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | | Certificate to be used by IdP. |
| configurationType | string | true | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | true | | Defines if SSO is enabled. |
| enforceSso | boolean | true | | Defines if SSO is enforced. |
| entityId | string | true | | The globally unique identifier of the entity. Provided by IdP service. |
| groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
| idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | true | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string | false | | Optional Issuer field that may be required by IdP. |
| name | string | true | | The name of the SSO configuration. |
| organizationId | string | false | | The organization ID to which the SSO config belongs. |
| organizationMapping | [EnhancedSamlOrganizationMapping] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. |
| roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | true | | Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | | URL to sign out via SSO. |
| spRequestMethod | string | true | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | [MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod | [POST, REDIRECT] |
| spRequestMethod | [POST, REDIRECT] |
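The CreateSsoConfiguration schema leaves several security-relevant choices to the caller (`idpMetadataHttpsVerify`, `securityParameters`, `sessionLengthSeconds`). The following pre-submission lint is an added example, not part of the DataRobot documentation or client. Field names, enums, required lists and limits come from the schema above; the function name `lint_sso_config`, the warning policy, the reading of `configurationType` as requiring its metadata source, and the sample payload are assumptions.

```python
"""Lint a CreateSsoConfiguration payload before sending it (added example)."""
from urllib.parse import urlparse

# Constraints copied from the CreateSsoConfiguration schema on this page.
REQUIRED = ("configurationType", "enableSso", "enforceSso", "entityId",
            "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod")
ENUMS = {
    "configurationType": {"MANUAL", "METADATA", "METADATA_URL"},
    "idpResponseMethod": {"POST", "REDIRECT"},
    "spRequestMethod": {"POST", "REDIRECT"},
}
MAPPINGS = {  # array field -> keys required in every item
    "groupMapping": ("datarobotGroupId", "idpGroupId"),
    "roleMapping": ("datarobotRoleId", "idpRoleId"),
    "organizationMapping": ("datarobotOrganizationId", "idpOrganizationId"),
}
MAX_ITEMS = 100                   # maxItems on each mapping array
DEFAULT_SESSION_SECONDS = 604800  # schema default (7 days)


def lint_sso_config(cfg, max_session_seconds=DEFAULT_SESSION_SECONDS):
    """Return (errors, warnings) for a payload given as a dict.

    errors: the payload contradicts the documented schema or field descriptions.
    warnings: schema-valid settings a reviewer should confirm (assumed local policy).
    """
    errors, warnings = [], []
    for field in REQUIRED:
        if field not in cfg:
            errors.append(f"missing required field: {field}")
    for field, allowed in ENUMS.items():
        if field in cfg and cfg[field] not in allowed:
            errors.append(f"{field}: {cfg[field]!r} not in {sorted(allowed)}")

    # configurationType names the metadata source, so that source must be present
    # (assumption drawn from the field description, not a documented server rule).
    ctype = cfg.get("configurationType")
    if ctype == "METADATA":
        meta = cfg.get("idpMetadata") or {}
        errors += [f"METADATA requires idpMetadata.{k}"
                   for k in ("fileName", "value") if not meta.get(k)]
    elif ctype == "METADATA_URL" and not cfg.get("idpMetadataUrl"):
        errors.append("METADATA_URL requires idpMetadataUrl")
    elif ctype == "MANUAL":
        if not cfg.get("signOnUrl"):
            errors.append("MANUAL requires signOnUrl")
        if not (cfg.get("certificate") or {}).get("value"):
            errors.append("MANUAL requires certificate.value")

    # Metadata fetched by URL is only as trustworthy as the transport it came over.
    url = cfg.get("idpMetadataUrl")
    if url:
        if urlparse(url).scheme.lower() != "https":
            warnings.append("idpMetadataUrl does not use HTTPS")
        elif cfg.get("idpMetadataHttpsVerify") is False:
            warnings.append("idpMetadataHttpsVerify is false: server certificate is not checked")

    # Only explicit values are flagged; defaults for absent keys are not documented here.
    sec = cfg.get("securityParameters") or {}
    if sec.get("wantAssertionsSigned") is False and sec.get("wantResponseSigned") is False:
        warnings.append("securityParameters: neither assertions nor responses are required to be signed")
    if sec.get("allowUnsolicited") is True:
        warnings.append("securityParameters: allowUnsolicited is true")

    ttl = cfg.get("sessionLengthSeconds")
    if ttl is not None:
        if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
            errors.append("sessionLengthSeconds must be an integer greater than 0")
        elif ttl > max_session_seconds:
            warnings.append(f"sessionLengthSeconds={ttl} exceeds policy limit {max_session_seconds}")

    for field, keys in MAPPINGS.items():
        items = cfg.get(field) or []
        if len(items) > MAX_ITEMS:
            errors.append(f"{field}: more than {MAX_ITEMS} items")
        for i, item in enumerate(items):
            errors += [f"{field}[{i}] is missing {k}" for k in keys if not item.get(k)]

    if cfg.get("enforceSso") and not cfg.get("enableSso"):
        warnings.append("enforceSso is true while enableSso is false")
    return errors, warnings


SAMPLE = {  # constructed payload for illustration; all values are placeholders
    "name": "corp-idp",
    "configurationType": "METADATA_URL",
    "enableSso": True,
    "enforceSso": True,
    "entityId": "https://idp.example.com/entity",
    "idpMetadataUrl": "https://idp.example.com/metadata.xml",
    "idpMetadataHttpsVerify": False,
    "idpResponseMethod": "POST",
    "spRequestMethod": "REDIRECT",
    "sessionLengthSeconds": 1209600,
    "securityParameters": {"allowUnsolicited": True,
                           "wantAssertionsSigned": False,
                           "wantResponseSigned": False},
    "roleMapping": [{"datarobotRoleId": "ROLE_ID_PLACEHOLDER"}],
}

if __name__ == "__main__":
    errs, warns = lint_sso_config(SAMPLE)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN:  {w}" for w in warns]:
        print(line)
```

Pass a stricter `max_session_seconds` to apply a shorter session policy than the schema default.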
EnhancedEncryptionKeypairs
{
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | | Path to the pem file with a single certificate. |
| cert_file_value | string | false | | A single certificate pem file content as a single string. Has priority over cert_file. |
| key_file | string | false | | Path to the private key pem file. |
| key_file_value | string | false | | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlAttributeMapping
{
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
}
Attribute mapping between DataRobot and IdP.
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | false | | Display name. |
| email | string | false | | Email. |
| firstName | string | false | | First name. |
| group | string | false | | Group. |
| impersonationUser | string | false | | Impersonation user. |
| lastName | string | false | | Last name. |
| organization | string | false | | Organization. |
| role | string | false | | Role. |
| username | string | false | | Username. |
EnhancedSamlClientConfig
{
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
}
Encryption related parameters.
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cert_file | string | false | | Path to the pem file with a single certificate. |
| cert_file_value | string | false | | A single certificate pem file content as a single string. Has priority over cert_file. |
| encryption_keypairs | [EnhancedEncryptionKeypairs] | false | maxItems: 100 | Indicates which certificates will be used for encryption capabilities. |
| id_attr_name | string | false | | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used |
| id_attr_name_crypto | string | false | | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used |
| key_file | string | false | | Path to the private key pem file. |
| key_file_value | string | false | | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlGroupMapping
{
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | | DataRobot group ID. |
| idpGroupId | string | true | | Name of the identity provider group |
EnhancedSamlOrganizationMapping
{
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotOrganizationId | string | true | | DataRobot organization ID. |
| idpOrganizationId | string | true | | Name of the identity provider organization. |
EnhancedSamlRoleMapping
{
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotRoleId | string | true | | DataRobot access role ID. |
| idpRoleId | string | true | | Name of the identity provider role. |
EnhancedSsoConfigurationResponse
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration ID.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Properties¶
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. |
| autoGenerateUsers | boolean | false | | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | | Certificate to be used by IdP. |
| configurationType | string | true | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | true | | Defines if SSO is enabled. |
| enforceSso | boolean | true | | Defines if SSO is enforced. |
| entityId | string | true | | The globally unique identifier of the entity. Provided by IdP service. |
| groupDelimiter | string | false | | A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list. |
| groupMapping | [SamlGroupMappingResponse] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
| id | string | true | | SSO configuration ID. |
| idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | true | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string,null | false | | Optional Issuer field that may be required by IdP. |
| name | string | true | | The name of the SSO configuration. |
| organizationId | string | false | | The organization ID to which the SSO config belongs. |
| organizationMapping | [SamlOrganizationMappingResponse] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. |
| roleDelimiter | string | false | | A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list. |
| roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | true | | Time window for the authentication session via IDP |
| signOnUrl | string(uri) | false | | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | | URL to sign out via SSO. |
| spRequestMethod | string | true | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values¶
| Property | Value |
|---|---|
| configurationType | [MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod | [POST, REDIRECT] |
| spRequestMethod | [POST, REDIRECT] |
ListSsoConfigurationResponse
{
"properties": {
"count": {
"description": "Number of SSO configurations returned.",
"minimum": 0,
"type": "integer"
},
"data": {
"description": "SSO configuration.",
"items": {
"properties": {
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration ID.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via IDP",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
},
"maxItems": 1000,
"type": "array"
},
"next": {
"description": "Link to the next page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"previous": {
"description": "Link to the previous page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"totalCount": {
"description": "Total number of SSO configurations.",
"minimum": 0,
"type": "integer"
}
},
"required": [
"count",
"data",
"next",
"previous",
"totalCount"
],
"type": "object"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| count | integer | true | minimum: 0 | Number of SSO configurations returned. |
| data | [EnhancedSsoConfigurationResponse] | true | maxItems: 1000 | SSO configuration. |
| next | string,null | true | | Link to the next page of the SSO configurations. |
| previous | string,null | true | | Link to the previous page of the SSO configurations. |
| totalCount | integer | true | minimum: 0 | Total number of SSO configurations. |
SamlAdvancedConfiguration
{
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
"description": "Algorithm for calculating digest.",
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
"description": "Algorithm for calculating signature.",
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
}
An object containing SSO client advanced parameters.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| digestAlgorithm | string | false | | Algorithm for calculating digest. |
| samlAttributesMapping | EnhancedSamlAttributeMapping | true | | Attribute mapping between DataRobot and IdP. |
| samlClientConfiguration | EnhancedSamlClientConfig | true | | Encryption related parameters. |
| signatureAlgorithm | string | false | | Algorithm for calculating signature. |
Enumerated Values
| Property | Value |
|---|---|
| digestAlgorithm | [DIGEST_RIPEMD160, DIGEST_SHA1, DIGEST_SHA224, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512] |
| signatureAlgorithm | [SIG_RSA_SHA1, SIG_RSA_SHA224, SIG_RSA_SHA256, SIG_RSA_SHA384, SIG_RSA_SHA512] |
SamlCertificate
{
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
}
Certificate to be used by IdP.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | false | | Path to certificate file. |
| value | string | true | | Certificate content. |
SamlGroupMappingResponse
{
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"datarobotGroupName": {
"description": "DataRobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotGroupId | string | true | | DataRobot group ID. |
| datarobotGroupName | string | false | | DataRobot group name. |
| idpGroupId | string | true | | A name of the identity provider group. |
SamlMetadataFile
{
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
}
XML document, IdP SSO descriptor. Provided by IdP service.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| fileName | string | true | | Path to IdP metadata file. |
| value | string | true | | IdP metadata. |
SamlOrganizationMappingResponse
{
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "DataRobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| datarobotOrganizationId | string | true | | DataRobot organization ID. |
| datarobotOrganizationName | string | false | | DataRobot organization name. |
| idpOrganizationId | string | true | | A name of the identity provider organization. |
SamlSecurityParameters
{
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
}
The object that contains SAML specific directives.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| allowUnsolicited | boolean | false | | Allow unsolicited. |
| authnRequestsSigned | boolean | false | | Sign auth requests. |
| logoutRequestsSigned | boolean | false | | Sign logout requests. |
| wantAssertionsSigned | boolean | false | | Sign assertions. |
| wantResponseSigned | boolean | false | | Sign response. |
UpdateSsoConfiguration
{
"properties": {
"advancedConfiguration": {
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
"description": "Algorithm for calculating digest.",
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. Has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
"description": "Algorithm for calculating signature.",
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
},
"attributeMapping": {
"description": "Attribute mapping between DataRobot and IdP.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by IdP.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: `METADATA` - when IDP metadata is provided in the config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config and `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. Provided by IdP service.",
"type": "string"
},
"groupMapping": {
"description": "The list of DataRobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "DataRobot group ID.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, IdP SSO descriptor. Provided by IdP service.",
"properties": {
"fileName": {
"description": "Path to IdP metadata file.",
"type": "string"
},
"value": {
"description": "IdP metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "URL to the IdP SSO descriptor. Provided by IdP service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional Issuer field that may be required by IdP.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization ID to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of DataRobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "DataRobot organization ID.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of DataRobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "DataRobot access role ID.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"description": "Time window for the authentication session via IdP.",
"type": "integer"
},
"signOnUrl": {
"description": "URL to sign on via SSO.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "URL to sign out via SSO.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"type": "object"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| advancedConfiguration | SamlAdvancedConfiguration | false | | An object containing SSO client advanced parameters. |
| attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. |
| autoGenerateUsers | boolean | false | | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
| certificate | SamlCertificate | false | | Certificate to be used by IdP. |
| configurationType | string | false | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
| enableSso | boolean | false | | Defines if SSO is enabled. |
| enforceSso | boolean | false | | Defines if SSO is enforced. |
| entityId | string | false | | The globally unique identifier of the entity. Provided by IdP service. |
| groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
| idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. |
| idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
| idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. |
| idpResponseMethod | string | false | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
| issuer | string | false | | Optional Issuer field that may be required by IdP. |
| name | string | false | | The name of the SSO configuration. |
| organizationId | string | false | | The organization ID to which the SSO config belongs. |
| organizationMapping | [EnhancedSamlOrganizationMapping] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. |
| roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
| securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. |
| sessionLengthSeconds | integer | false | | Time window for the authentication session via IdP. |
| signOnUrl | string(uri) | false | | URL to sign on via SSO. |
| signOutUrl | string(uri) | false | | URL to sign out via SSO. |
| spRequestMethod | string | false | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values
| Property | Value |
|---|---|
| configurationType | [MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod | [POST, REDIRECT] |
| spRequestMethod | [POST, REDIRECT] |
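The UpdateSsoConfiguration and SamlAdvancedConfiguration schemas above accept several values that weaken SAML trust (SHA-1 algorithms, `idpMetadataHttpsVerify` set to false, unsigned responses). The following is an added example, not DataRobot code, that lints an update body before it is submitted; the function name `audit_sso_update`, the severity labels and the policy thresholds are assumptions, as is the reading of the `securityParameters` flags in their usual SAML service-provider sense.

```python
from urllib.parse import urlparse

# Assumed local policy (not part of the API reference): SHA-1 and RIPEMD-160
# give at most ~80 bits of collision resistance, so both are rejected.
WEAK_DIGESTS = {"DIGEST_SHA1", "DIGEST_RIPEMD160"}
WEAK_SIGNATURES = {"SIG_RSA_SHA1"}
MAX_SESSION_SECONDS = 604800  # documented default (7 days), used here as a ceiling


def audit_sso_update(payload, max_session=MAX_SESSION_SECONDS):
    """Return (severity, field, message) findings for an UpdateSsoConfiguration body.

    Only values present in the payload are judged; absent keys are skipped,
    because every property of the update schema is optional.
    """
    findings = []

    adv = payload.get("advancedConfiguration") or {}
    if adv.get("digestAlgorithm") in WEAK_DIGESTS:
        findings.append(("high", "advancedConfiguration.digestAlgorithm",
                         "weak digest; choose DIGEST_SHA256 or stronger"))
    if adv.get("signatureAlgorithm") in WEAK_SIGNATURES:
        findings.append(("high", "advancedConfiguration.signatureAlgorithm",
                         "SHA-1 signature; choose SIG_RSA_SHA256 or stronger"))

    # Metadata carries the IdP signing certificate, so its transport matters.
    url = payload.get("idpMetadataUrl")
    if url and urlparse(url).scheme.lower() != "https":
        findings.append(("high", "idpMetadataUrl",
                         "IdP metadata would be fetched without TLS"))
    if payload.get("idpMetadataHttpsVerify") is False:
        findings.append(("high", "idpMetadataHttpsVerify",
                         "metadata server certificate is not verified"))

    sec = payload.get("securityParameters") or {}
    want = [sec.get("wantAssertionsSigned"), sec.get("wantResponseSigned")]
    if True not in want and False in want:
        findings.append(("high", "securityParameters",
                         "neither the response nor the assertion must be signed"))
    if sec.get("allowUnsolicited") is True:
        findings.append(("medium", "securityParameters.allowUnsolicited",
                         "responses not tied to an AuthnRequest are accepted"))

    session = payload.get("sessionLengthSeconds")
    if isinstance(session, int) and session > max_session:
        findings.append(("low", "sessionLengthSeconds",
                         f"session of {session}s exceeds the {max_session}s ceiling"))
    return findings


# Constructed sample bodies; the host name is a placeholder.
WEAK_PAYLOAD = {
    "configurationType": "METADATA_URL",
    "idpMetadataUrl": "http://idp.example.com/metadata",
    "idpMetadataHttpsVerify": False,
    "sessionLengthSeconds": 2592000,
    "securityParameters": {"allowUnsolicited": True,
                           "wantAssertionsSigned": False,
                           "wantResponseSigned": False},
    "advancedConfiguration": {"digestAlgorithm": "DIGEST_SHA1",
                              "signatureAlgorithm": "SIG_RSA_SHA1",
                              "samlAttributesMapping": {},
                              "samlClientConfiguration": {}},
}
HARDENED_PAYLOAD = {
    "configurationType": "METADATA_URL",
    "idpMetadataUrl": "https://idp.example.com/metadata",
    "idpMetadataHttpsVerify": True,
    "sessionLengthSeconds": 28800,
    "securityParameters": {"allowUnsolicited": False,
                           "wantAssertionsSigned": True,
                           "wantResponseSigned": True},
    "advancedConfiguration": {"digestAlgorithm": "DIGEST_SHA256",
                              "signatureAlgorithm": "SIG_RSA_SHA256",
                              "samlAttributesMapping": {},
                              "samlClientConfiguration": {}},
}

if __name__ == "__main__":
    for severity, field, message in audit_sso_update(WEAK_PAYLOAD):
        print(f"[{severity}] {field}: {message}")
```
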