# SSO configuration > SSO configuration - Use the endpoints described below to configure single sign-on for your > organization. This Markdown file sits beside the HTML page at the same path (with a `.md` suffix). It summarizes the topic and lists links for tools and LLM context. Companion generated at `2026-05-06T18:17:09.797223+00:00` (UTC). ## Primary page - [SSO configuration](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html): Full documentation for this topic (HTML). ## Sections on this page - [List sso configurations](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#list-sso-configurations): In-page section heading. - [Parameters](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#ssoconfigurations_list-parameters): In-page section heading. - [Example responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#example-responses): In-page section heading. - [Responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#responses): In-page section heading. - [Create an SSO configuration](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#create-an-sso-configuration): In-page section heading. - [Body parameter](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#body-parameter): In-page section heading. - [Parameters](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#ssoconfigurations_create-parameters): In-page section heading. - [Example responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#example-responses_1): In-page section heading. - [Responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#responses_1): In-page section heading. - [Retrieve SSO configuration of a specific organization by configuration ID](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#retrieve-sso-configuration-of-a-specific-organization-by-configuration-id): In-page section heading. - [Parameters](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#ssoconfigurations_retrieve-parameters): In-page section heading. - [Example responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#example-responses_2): In-page section heading. - [Responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#responses_2): In-page section heading. - [Update an SSO configuration by configuration ID](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#update-an-sso-configuration-by-configuration-id): In-page section heading. - [Body parameter](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#body-parameter_1): In-page section heading. - [Parameters](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#ssoconfigurations_patch-parameters): In-page section heading. - [Responses](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#responses_3): In-page section heading. - [CreateSsoConfiguration](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_CreateSsoConfiguration): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties): In-page section heading. - [Enumerated Values](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#enumerated-values): In-page section heading. - [EnhancedEncryptionKeypairs](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedEncryptionKeypairs): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_1): In-page section heading. - [EnhancedSamlAttributeMapping](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSamlAttributeMapping): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_2): In-page section heading. - [EnhancedSamlClientConfig](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSamlClientConfig): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_3): In-page section heading. - [EnhancedSamlGroupMapping](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSamlGroupMapping): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_4): In-page section heading. - [EnhancedSamlOrganizationMapping](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSamlOrganizationMapping): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_5): In-page section heading. - [EnhancedSamlRoleMapping](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSamlRoleMapping): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_6): In-page section heading. - [EnhancedSsoConfigurationResponse](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_EnhancedSsoConfigurationResponse): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_7): In-page section heading. - [Enumerated Values](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#enumerated-values_1): In-page section heading. - [ListSsoConfigurationResponse](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_ListSsoConfigurationResponse): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_8): In-page section heading. - [SamlAdvancedConfiguration](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlAdvancedConfiguration): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_9): In-page section heading. - [Enumerated Values](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#enumerated-values_2): In-page section heading. - [SamlCertificate](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlCertificate): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_10): In-page section heading. - [SamlGroupMappingResponse](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlGroupMappingResponse): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_11): In-page section heading. - [SamlMetadataFile](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlMetadataFile): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_12): In-page section heading. - [SamlOrganizationMappingResponse](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlOrganizationMappingResponse): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_13): In-page section heading. - [SamlSecurityParameters](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_SamlSecurityParameters): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_14): In-page section heading. - [UpdateSsoConfiguration](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#tocS_UpdateSsoConfiguration): In-page section heading. - [Properties](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#properties_15): In-page section heading. - [Enumerated Values](https://docs.datarobot.com/en/docs/api/reference/public-api/sso_configuration.html#enumerated-values_3): In-page section heading. ## Related documentation - [Developer documentation](https://docs.datarobot.com/en/docs/api/index.html): Linked from this page. - [API reference](https://docs.datarobot.com/en/docs/api/reference/index.html): Linked from this page. - [REST API](https://docs.datarobot.com/en/docs/api/reference/public-api/index.html): Linked from this page. - [Administration](https://docs.datarobot.com/en/docs/api/reference/public-api/tag-admin.html): Linked from this page. ## Documentation content Use the endpoints described below to configure single sign-on for your organization. ## List sso configurations Operation path: `GET /api/v2/ssoConfigurations/` Authentication requirements: `BearerAuth` List the sso configurations that correspond to provided conditions. ### Parameters | Name | In | Type | Required | Description | | --- | --- | --- | --- | --- | | offset | query | integer | false | The number of records to skip over. | | limit | query | integer | false | The number of records to return. | | orgId | query | string | false | The ID of the organization. | ### Example responses > 200 Response ``` { "properties": { "count": { "description": "Number of SSO configurations returned.", "minimum": 0, "type": "integer" }, "data": { "description": "SSO configuration.", "items": { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupDelimiter": { "description": "A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "id": { "description": "SSO configuration ID.", "type": "string" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": [ "string", "null" ] }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleDelimiter": { "description": "A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.", "type": "string" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "id", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" }, "maxItems": 1000, "type": "array" }, "next": { "description": "Link to the next page of the SSO configurations.", "type": [ "string", "null" ] }, "previous": { "description": "Link to the previous page of the SSO configurations.", "type": [ "string", "null" ] }, "totalCount": { "description": "Total number of SSO configurations.", "minimum": 0, "type": "integer" } }, "required": [ "count", "data", "next", "previous", "totalCount" ], "type": "object" } ``` ### Responses | Status | Meaning | Description | Schema | | --- | --- | --- | --- | | 200 | OK | List of sso configurations. | ListSsoConfigurationResponse | ## Create an SSO configuration Operation path: `POST /api/v2/ssoConfigurations/` Authentication requirements: `BearerAuth` Create an SSO configuration for a specific organization. ### Body parameter ``` { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "idpGroupId": { "description": "Name of the identity provider group", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": "string" }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "idpOrganizationId": { "description": "Name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" } ``` ### Parameters | Name | In | Type | Required | Description | | --- | --- | --- | --- | --- | | body | body | CreateSsoConfiguration | false | none | ### Example responses > 200 Response ``` { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupDelimiter": { "description": "A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "id": { "description": "SSO configuration ID.", "type": "string" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": [ "string", "null" ] }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleDelimiter": { "description": "A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.", "type": "string" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "id", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" } ``` ### Responses | Status | Meaning | Description | Schema | | --- | --- | --- | --- | | 200 | OK | Configuration created successfully | EnhancedSsoConfigurationResponse | ## Retrieve SSO configuration of a specific organization by configuration ID Operation path: `GET /api/v2/ssoConfigurations/{configurationId}/` Authentication requirements: `BearerAuth` Retrieve SSO configuration of a specific organization. ### Parameters | Name | In | Type | Required | Description | | --- | --- | --- | --- | --- | | configurationId | path | string | true | The ID of the organization to retrieve SSO config for. | ### Example responses > 200 Response ``` { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupDelimiter": { "description": "A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "id": { "description": "SSO configuration ID.", "type": "string" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": [ "string", "null" ] }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleDelimiter": { "description": "A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.", "type": "string" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "id", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" } ``` ### Responses | Status | Meaning | Description | Schema | | --- | --- | --- | --- | | 200 | OK | SSO configuration. | EnhancedSsoConfigurationResponse | ## Update an SSO configuration by configuration ID Operation path: `PATCH /api/v2/ssoConfigurations/{configurationId}/` Authentication requirements: `BearerAuth` Update an SSO configuration for a specific organization. ### Body parameter ``` { "properties": { "advancedConfiguration": { "description": "An object containing SSO client advanced parameters.", "properties": { "digestAlgorithm": { "description": "Algorithm for calculating digest.", "enum": [ "DIGEST_RIPEMD160", "DIGEST_SHA1", "DIGEST_SHA224", "DIGEST_SHA256", "DIGEST_SHA384", "DIGEST_SHA512" ], "type": "string" }, "samlAttributesMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "samlClientConfiguration": { "description": "Encryption related parameters.", "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "encryption_keypairs": { "description": "Indicates which certificates will be used for encryption capabilities.", "items": { "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "maxItems": 100, "type": "array" }, "id_attr_name": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "id_attr_name_crypto": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "signatureAlgorithm": { "description": "Algorithm for calculating signature.", "enum": [ "SIG_RSA_SHA1", "SIG_RSA_SHA224", "SIG_RSA_SHA256", "SIG_RSA_SHA384", "SIG_RSA_SHA512" ], "type": "string" } }, "required": [ "samlAttributesMapping", "samlClientConfiguration" ], "type": "object" }, "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: `METADATA` - when IDP metadata is provided in the config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "idpGroupId": { "description": "Name of the identity provider group", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": "string" }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "idpOrganizationId": { "description": "Name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "description": "Time window for the authentication session via IdP.", "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "type": "object" } ``` ### Parameters | Name | In | Type | Required | Description | | --- | --- | --- | --- | --- | | configurationId | path | string | true | The ID of the organization to retrieve SSO config for. | | body | body | UpdateSsoConfiguration | false | none | ### Responses | Status | Meaning | Description | Schema | | --- | --- | --- | --- | | 204 | No Content | none | None | # Schemas ## CreateSsoConfiguration ``` { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "idpGroupId": { "description": "Name of the identity provider group", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": "string" }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "idpOrganizationId": { "description": "Name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. | | autoGenerateUsers | boolean | false | | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | | certificate | SamlCertificate | false | | Certificate to be used by IdP. | | configurationType | string | true | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. | | enableSso | boolean | true | | Defines if SSO is enabled. | | enforceSso | boolean | true | | Defines if SSO is enforced. | | entityId | string | true | | The globally unique identifier of the entity. Provided by IdP service. | | groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. | | idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. | | idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. | | idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. | | idpResponseMethod | string | true | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | | issuer | string | false | | Optional Issuer field that may be required by IdP. | | name | string | true | | The name of the SSO configuration. | | organizationId | string | false | | The organization ID to which the SSO config belongs. | | organizationMapping | [EnhancedSamlOrganizationMapping] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. | | roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. | | securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. | | sessionLengthSeconds | integer | true | | Time window for the authentication session via IDP | | signOnUrl | string(uri) | false | | URL to sign on via SSO. | | signOutUrl | string(uri) | false | | URL to sign out via SSO. | | spRequestMethod | string | true | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. | ### Enumerated Values | Property | Value | | --- | --- | | configurationType | [MANUAL, METADATA, METADATA_URL] | | idpResponseMethod | [POST, REDIRECT] | | spRequestMethod | [POST, REDIRECT] | ## EnhancedEncryptionKeypairs ``` { "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | cert_file | string | false | | Path to the pem file with a single certificate. | | cert_file_value | string | false | | A single certificate pem file content as a single string. Has priority over cert_file. | | key_file | string | false | | Path to the private key pem file. | | key_file_value | string | false | | The private key pem file content as a single string. Has priority over key_file. | ## EnhancedSamlAttributeMapping ``` { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" } ``` Attribute mapping between DataRobot and IdP. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | displayName | string | false | | Display name. | | email | string | false | | Email. | | firstName | string | false | | First name. | | group | string | false | | Group. | | impersonationUser | string | false | | Impersonation user. | | lastName | string | false | | Last name. | | organization | string | false | | Organization. | | role | string | false | | Role. | | username | string | false | | Username. | ## EnhancedSamlClientConfig ``` { "description": "Encryption related parameters.", "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "encryption_keypairs": { "description": "Indicates which certificates will be used for encryption capabilities.", "items": { "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "maxItems": 100, "type": "array" }, "id_attr_name": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "id_attr_name_crypto": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" } ``` Encryption related parameters. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | cert_file | string | false | | Path to the pem file with a single certificate. | | cert_file_value | string | false | | A single certificate pem file content as a single string. Has priority over cert_file. | | encryption_keypairs | [EnhancedEncryptionKeypairs] | false | maxItems: 100 | Indicates which certificates will be used for encryption capabilities. | | id_attr_name | string | false | | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used | | id_attr_name_crypto | string | false | | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used | | key_file | string | false | | Path to the private key pem file. | | key_file_value | string | false | | The private key pem file content as a single string. Has priority over key_file. | ## EnhancedSamlGroupMapping ``` { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "idpGroupId": { "description": "Name of the identity provider group", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | datarobotGroupId | string | true | | DataRobot group ID. | | idpGroupId | string | true | | Name of the identity provider group | ## EnhancedSamlOrganizationMapping ``` { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "idpOrganizationId": { "description": "Name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | datarobotOrganizationId | string | true | | DataRobot organization ID. | | idpOrganizationId | string | true | | Name of the identity provider organization. | ## EnhancedSamlRoleMapping ``` { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | datarobotRoleId | string | true | | DataRobot access role ID. | | idpRoleId | string | true | | Name of the identity provider role. | ## EnhancedSsoConfigurationResponse ``` { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupDelimiter": { "description": "A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "id": { "description": "SSO configuration ID.", "type": "string" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": [ "string", "null" ] }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleDelimiter": { "description": "A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.", "type": "string" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "id", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. | | autoGenerateUsers | boolean | false | | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | | certificate | SamlCertificate | false | | Certificate to be used by IdP. | | configurationType | string | true | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. | | enableSso | boolean | true | | Defines if SSO is enabled. | | enforceSso | boolean | true | | Defines if SSO is enforced. | | entityId | string | true | | The globally unique identifier of the entity. Provided by IdP service. | | groupDelimiter | string | false | | A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list. | | groupMapping | [SamlGroupMappingResponse] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. | | id | string | true | | SSO configuration ID. | | idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. | | idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. | | idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. | | idpResponseMethod | string | true | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | | issuer | string,null | false | | Optional Issuer field that may be required by IdP. | | name | string | true | | The name of the SSO configuration. | | organizationId | string | false | | The organization ID to which the SSO config belongs. | | organizationMapping | [SamlOrganizationMappingResponse] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. | | roleDelimiter | string | false | | A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list. | | roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. | | securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. | | sessionLengthSeconds | integer | true | | Time window for the authentication session via IDP | | signOnUrl | string(uri) | false | | URL to sign on via SSO. | | signOutUrl | string(uri) | false | | URL to sign out via SSO. | | spRequestMethod | string | true | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. | ### Enumerated Values | Property | Value | | --- | --- | | configurationType | [MANUAL, METADATA, METADATA_URL] | | idpResponseMethod | [POST, REDIRECT] | | spRequestMethod | [POST, REDIRECT] | ## ListSsoConfigurationResponse ``` { "properties": { "count": { "description": "Number of SSO configurations returned.", "minimum": 0, "type": "integer" }, "data": { "description": "SSO configuration.", "items": { "properties": { "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata.\n It can be one of the following: `METADATA` - when IDP metadata is provided in the\n config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and\n `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupDelimiter": { "description": "A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "id": { "description": "SSO configuration ID.", "type": "string" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.\n To avoid security vulnerabilities, only set to False when a trusted server has a\n self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "default": "POST", "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": [ "string", "null" ] }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleDelimiter": { "description": "A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.", "type": "string" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "default": 604800, "description": "Time window for the authentication session via IDP", "exclusiveMinimum": 0, "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "default": "REDIRECT", "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "required": [ "configurationType", "enableSso", "enforceSso", "entityId", "id", "idpResponseMethod", "name", "sessionLengthSeconds", "spRequestMethod" ], "type": "object" }, "maxItems": 1000, "type": "array" }, "next": { "description": "Link to the next page of the SSO configurations.", "type": [ "string", "null" ] }, "previous": { "description": "Link to the previous page of the SSO configurations.", "type": [ "string", "null" ] }, "totalCount": { "description": "Total number of SSO configurations.", "minimum": 0, "type": "integer" } }, "required": [ "count", "data", "next", "previous", "totalCount" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | count | integer | true | minimum: 0 | Number of SSO configurations returned. | | data | [EnhancedSsoConfigurationResponse] | true | maxItems: 1000 | SSO configuration. | | next | string,null | true | | Link to the next page of the SSO configurations. | | previous | string,null | true | | Link to the previous page of the SSO configurations. | | totalCount | integer | true | minimum: 0 | Total number of SSO configurations. | ## SamlAdvancedConfiguration ``` { "description": "An object containing SSO client advanced parameters.", "properties": { "digestAlgorithm": { "description": "Algorithm for calculating digest.", "enum": [ "DIGEST_RIPEMD160", "DIGEST_SHA1", "DIGEST_SHA224", "DIGEST_SHA256", "DIGEST_SHA384", "DIGEST_SHA512" ], "type": "string" }, "samlAttributesMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "samlClientConfiguration": { "description": "Encryption related parameters.", "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "encryption_keypairs": { "description": "Indicates which certificates will be used for encryption capabilities.", "items": { "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "maxItems": 100, "type": "array" }, "id_attr_name": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "id_attr_name_crypto": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "signatureAlgorithm": { "description": "Algorithm for calculating signature.", "enum": [ "SIG_RSA_SHA1", "SIG_RSA_SHA224", "SIG_RSA_SHA256", "SIG_RSA_SHA384", "SIG_RSA_SHA512" ], "type": "string" } }, "required": [ "samlAttributesMapping", "samlClientConfiguration" ], "type": "object" } ``` An object containing SSO client advanced parameters. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | digestAlgorithm | string | false | | Algorithm for calculating digest. | | samlAttributesMapping | EnhancedSamlAttributeMapping | true | | Attribute mapping between DataRobot and IdP. | | samlClientConfiguration | EnhancedSamlClientConfig | true | | Encryption related parameters. | | signatureAlgorithm | string | false | | Algorithm for calculating signature. | ### Enumerated Values | Property | Value | | --- | --- | | digestAlgorithm | [DIGEST_RIPEMD160, DIGEST_SHA1, DIGEST_SHA224, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512] | | signatureAlgorithm | [SIG_RSA_SHA1, SIG_RSA_SHA224, SIG_RSA_SHA256, SIG_RSA_SHA384, SIG_RSA_SHA512] | ## SamlCertificate ``` { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" } ``` Certificate to be used by IdP. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | fileName | string | false | | Path to certificate file. | | value | string | true | | Certificate content. | ## SamlGroupMappingResponse ``` { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "datarobotGroupName": { "description": "DataRobot group name.", "type": "string" }, "idpGroupId": { "description": "A name of the identity provider group.", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | datarobotGroupId | string | true | | DataRobot group ID. | | datarobotGroupName | string | false | | DataRobot group name. | | idpGroupId | string | true | | A name of the identity provider group. | ## SamlMetadataFile ``` { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" } ``` XML document, IdP SSO descriptor. Provided by IdP service. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | fileName | string | true | | Path to IdP metadata file. | | value | string | true | | IdP metadata. | ## SamlOrganizationMappingResponse ``` { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "datarobotOrganizationName": { "description": "DataRobot organization name.", "type": "string" }, "idpOrganizationId": { "description": "A name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | datarobotOrganizationId | string | true | | DataRobot organization ID. | | datarobotOrganizationName | string | false | | DataRobot organization name. | | idpOrganizationId | string | true | | A name of the identity provider organization. | ## SamlSecurityParameters ``` { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" } ``` The object that contains SAML specific directives. ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | allowUnsolicited | boolean | false | | Allow unsolicited. | | authnRequestsSigned | boolean | false | | Sign auth requests. | | logoutRequestsSigned | boolean | false | | Sign logout requests. | | wantAssertionsSigned | boolean | false | | Sign assertions. | | wantResponseSigned | boolean | false | | Sign response. | ## UpdateSsoConfiguration ``` { "properties": { "advancedConfiguration": { "description": "An object containing SSO client advanced parameters.", "properties": { "digestAlgorithm": { "description": "Algorithm for calculating digest.", "enum": [ "DIGEST_RIPEMD160", "DIGEST_SHA1", "DIGEST_SHA224", "DIGEST_SHA256", "DIGEST_SHA384", "DIGEST_SHA512" ], "type": "string" }, "samlAttributesMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "samlClientConfiguration": { "description": "Encryption related parameters.", "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "encryption_keypairs": { "description": "Indicates which certificates will be used for encryption capabilities.", "items": { "properties": { "cert_file": { "description": "Path to the pem file with a single certificate.", "type": "string" }, "cert_file_value": { "description": "A single certificate pem file content as a single string. Has priority over cert_file.", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "maxItems": 100, "type": "array" }, "id_attr_name": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "id_attr_name_crypto": { "description": "Attribute is required to be set to 'Id' value when Okta encrypted assertions are used", "type": "string" }, "key_file": { "description": "Path to the private key pem file.", "type": "string" }, "key_file_value": { "description": "The private key pem file content as a single string. Has priority over key_file.", "type": "string" } }, "type": "object" }, "signatureAlgorithm": { "description": "Algorithm for calculating signature.", "enum": [ "SIG_RSA_SHA1", "SIG_RSA_SHA224", "SIG_RSA_SHA256", "SIG_RSA_SHA384", "SIG_RSA_SHA512" ], "type": "string" } }, "required": [ "samlAttributesMapping", "samlClientConfiguration" ], "type": "object" }, "attributeMapping": { "description": "Attribute mapping between DataRobot and IdP.", "properties": { "displayName": { "description": "Display name.", "type": "string" }, "email": { "description": "Email.", "type": "string" }, "firstName": { "description": "First name.", "type": "string" }, "group": { "description": "Group.", "type": "string" }, "impersonationUser": { "description": "Impersonation user.", "type": "string" }, "lastName": { "description": "Last name.", "type": "string" }, "organization": { "description": "Organization.", "type": "string", "x-versionadded": "v2.37" }, "role": { "description": "Role.", "type": "string" }, "username": { "description": "Username.", "type": "string" } }, "type": "object" }, "autoGenerateUsers": { "description": "determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.", "type": "boolean" }, "certificate": { "description": "Certificate to be used by IdP.", "properties": { "fileName": { "description": "Path to certificate file.", "type": "string" }, "value": { "description": "Certificate content.", "type": "string" } }, "required": [ "value" ], "type": "object" }, "configurationType": { "description": "The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: `METADATA` - when IDP metadata is provided in the config, `METADATA_URL` - when an URL for metadata retrieval is provided in the config and `MANUAL` - when IDP sign-on/sign-out URLs and certificate are provided.", "enum": [ "MANUAL", "METADATA", "METADATA_URL" ], "type": "string" }, "enableSso": { "description": "Defines if SSO is enabled.", "type": "boolean" }, "enforceSso": { "description": "Defines if SSO is enforced.", "type": "boolean" }, "entityId": { "description": "The globally unique identifier of the entity. Provided by IdP service.", "type": "string" }, "groupMapping": { "description": "The list of DataRobot group to identity provider group maps.", "items": { "properties": { "datarobotGroupId": { "description": "DataRobot group ID.", "type": "string" }, "idpGroupId": { "description": "Name of the identity provider group", "type": "string" } }, "required": [ "datarobotGroupId", "idpGroupId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "idpMetadata": { "description": "XML document, IdP SSO descriptor. Provided by IdP service.", "properties": { "fileName": { "description": "Path to IdP metadata file.", "type": "string" }, "value": { "description": "IdP metadata.", "type": "string" } }, "required": [ "fileName", "value" ], "type": "object" }, "idpMetadataHttpsVerify": { "description": "When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.", "type": "boolean" }, "idpMetadataUrl": { "description": "URL to the IdP SSO descriptor. Provided by IdP service.", "format": "uri", "type": "string" }, "idpResponseMethod": { "description": "Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.", "enum": [ "POST", "REDIRECT" ], "type": "string" }, "issuer": { "description": "Optional Issuer field that may be required by IdP.", "type": "string" }, "name": { "description": "The name of the SSO configuration.", "type": "string" }, "organizationId": { "description": "The organization ID to which the SSO config belongs.", "type": "string" }, "organizationMapping": { "description": "The list of DataRobot organization to identity provider organization maps.", "items": { "properties": { "datarobotOrganizationId": { "description": "DataRobot organization ID.", "type": "string" }, "idpOrganizationId": { "description": "Name of the identity provider organization.", "type": "string" } }, "required": [ "datarobotOrganizationId", "idpOrganizationId" ], "type": "object", "x-versionadded": "v2.37" }, "maxItems": 100, "type": "array", "x-versionadded": "v2.37" }, "roleMapping": { "description": "The list of DataRobot access role to identity provider role maps.", "items": { "properties": { "datarobotRoleId": { "description": "DataRobot access role ID.", "type": "string" }, "idpRoleId": { "description": "Name of the identity provider role.", "type": "string" } }, "required": [ "datarobotRoleId", "idpRoleId" ], "type": "object" }, "maxItems": 100, "type": "array" }, "securityParameters": { "description": "The object that contains SAML specific directives.", "properties": { "allowUnsolicited": { "description": "Allow unsolicited.", "type": "boolean" }, "authnRequestsSigned": { "description": "Sign auth requests.", "type": "boolean" }, "logoutRequestsSigned": { "description": "Sign logout requests.", "type": "boolean" }, "wantAssertionsSigned": { "description": "Sign assertions.", "type": "boolean" }, "wantResponseSigned": { "description": "Sign response.", "type": "boolean" } }, "type": "object" }, "sessionLengthSeconds": { "description": "Time window for the authentication session via IdP.", "type": "integer" }, "signOnUrl": { "description": "URL to sign on via SSO.", "format": "uri", "type": "string" }, "signOutUrl": { "description": "URL to sign out via SSO.", "format": "uri", "type": "string" }, "spRequestMethod": { "description": "Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.", "enum": [ "POST", "REDIRECT" ], "type": "string" } }, "type": "object" } ``` ### Properties | Name | Type | Required | Restrictions | Description | | --- | --- | --- | --- | --- | | advancedConfiguration | SamlAdvancedConfiguration | false | | An object containing SSO client advanced parameters. | | attributeMapping | EnhancedSamlAttributeMapping | false | | Attribute mapping between DataRobot and IdP. | | autoGenerateUsers | boolean | false | | determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. | | certificate | SamlCertificate | false | | Certificate to be used by IdP. | | configurationType | string | false | | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. | | enableSso | boolean | false | | Defines if SSO is enabled. | | enforceSso | boolean | false | | Defines if SSO is enforced. | | entityId | string | false | | The globally unique identifier of the entity. Provided by IdP service. | | groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. | | idpMetadata | SamlMetadataFile | false | | XML document, IdP SSO descriptor. Provided by IdP service. | | idpMetadataHttpsVerify | boolean | false | | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. | | idpMetadataUrl | string(uri) | false | | URL to the IdP SSO descriptor. Provided by IdP service. | | idpResponseMethod | string | false | | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. | | issuer | string | false | | Optional Issuer field that may be required by IdP. | | name | string | false | | The name of the SSO configuration. | | organizationId | string | false | | The organization ID to which the SSO config belongs. | | organizationMapping | [EnhancedSamlOrganizationMapping] | false | maxItems: 100 | The list of DataRobot organization to identity provider organization maps. | | roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. | | securityParameters | SamlSecurityParameters | false | | The object that contains SAML specific directives. | | sessionLengthSeconds | integer | false | | Time window for the authentication session via IdP. | | signOnUrl | string(uri) | false | | URL to sign on via SSO. | | signOutUrl | string(uri) | false | | URL to sign out via SSO. | | spRequestMethod | string | false | | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. | ### Enumerated Values | Property | Value | | --- | --- | | configurationType | [MANUAL, METADATA, METADATA_URL] | | idpResponseMethod | [POST, REDIRECT] | | spRequestMethod | [POST, REDIRECT] |