SSO Configuration
This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.
GET /api/v2/ssoConfigurations/
List the SSO configurations that correspond to the provided conditions.
Code samples
# You can also use wget
curl -X GET https://app.datarobot.com/api/v2/ssoConfigurations/ \
-H "Accept: application/json" \
-H "Authorization: Bearer {access-token}"
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
offset | query | integer | false | The number of records to skip over. |
limit | query | integer | false | The number of records to return. |
orgId | query | string | false | The ID of the organization. |
Example responses
200 Response
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | List of SSO configurations. | ListSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
POST /api/v2/ssoConfigurations/
Create an SSO configuration for a specific organization.
Code samples
# You can also use wget
curl -X POST https://app.datarobot.com/api/v2/ssoConfigurations/ \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer {access-token}"
Body parameter
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | CreateSsoConfiguration | false | none |
Example responses
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Configuration created successfully | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
GET /api/v2/ssoConfigurations/{configurationId}/
Retrieve SSO configuration of a specific organization.
Code samples
# You can also use wget
curl -X GET https://app.datarobot.com/api/v2/ssoConfigurations/{configurationId}/ \
-H "Accept: application/json" \
-H "Authorization: Bearer {access-token}"
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
Example responses
200 Response
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | SSO configuration. | EnhancedSsoConfigurationResponse |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
PATCH /api/v2/ssoConfigurations/{configurationId}/
Update an SSO configuration for a specific organization.
Code samples
# You can also use wget
curl -X PATCH https://app.datarobot.com/api/v2/ssoConfigurations/{configurationId}/ \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {access-token}"
Body parameter
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
body | body | UpdateSsoConfiguration | false | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | none | None |
To perform this operation, you must be authenticated by means of one of the following methods:
BearerAuth
Schemas
CreateSsoConfiguration
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
attributeMapping | EnhancedSamlAttributeMapping | false |  | Attribute mapping between DataRobot and IdP. |
autoGenerateUsers | boolean | false |  | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
certificate | SamlCertificate | false |  | Certificate to be used by IdP. |
configurationType | string | true |  | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
enableSso | boolean | true |  | Defines if SSO is enabled. |
enforceSso | boolean | true |  | Defines if SSO is enforced. |
entityId | string | true |  | The globally unique identifier of the entity. Provided by IdP service. |
groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
idpMetadata | SamlMetadataFile | false |  | XML document, IdP SSO descriptor. Provided by IdP service. |
idpMetadataHttpsVerify | boolean | false |  | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
idpMetadataUrl | string(uri) | false |  | URL to the IdP SSO descriptor. Provided by IdP service. |
idpResponseMethod | string | true |  | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
issuer | string | false |  | Optional Issuer field that may be required by IdP. |
name | string | true |  | The name of the SSO configuration. |
organizationId | string | false |  | The organization ID to which the SSO config belongs. |
roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
securityParameters | SamlSecurityParameters | false |  | The object that contains SAML specific directives. |
sessionLengthSeconds | integer | true | minimum: 0 (exclusive) | Time window for the authentication session via IDP. |
signOnUrl | string(uri) | false |  | URL to sign on via SSO. |
signOutUrl | string(uri) | false |  | URL to sign out via SSO. |
spRequestMethod | string | true |  | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values
Property | Value |
---|---|
configurationType | [MANUAL, METADATA, METADATA_URL] |
idpResponseMethod | [POST, REDIRECT] |
spRequestMethod | [POST, REDIRECT] |
EnhancedEncryptionKeypairs
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
cert_file | string | false |  | Path to the pem file with a single certificate. |
cert_file_value | string | false |  | A single certificate pem file content as a single string. Has priority over cert_file. |
key_file | string | false |  | Path to the private key pem file. |
key_file_value | string | false |  | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlAttributeMapping
{
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
}
Attribute mapping between DataRobot and IdP.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
displayName | string | false |  | Display name. |
email | string | false |  | Email. |
firstName | string | false |  | First name. |
group | string | false |  | Group. |
impersonationUser | string | false |  | Impersonation user. |
lastName | string | false |  | Last name. |
role | string | false |  | Role. |
username | string | false |  | Username. |
EnhancedSamlClientConfig
{
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
}
Encryption related parameters.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
cert_file | string | false |  | Path to the pem file with a single certificate. |
cert_file_value | string | false |  | A single certificate pem file content as a single string. Has priority over cert_file. |
encryption_keypairs | [EnhancedEncryptionKeypairs] | false | maxItems: 100 | Indicates which certificates will be used for encryption capabilities. |
id_attr_name | string | false |  | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used. |
id_attr_name_crypto | string | false |  | Attribute is required to be set to 'Id' value when Okta encrypted assertions are used. |
key_file | string | false |  | Path to the private key pem file. |
key_file_value | string | false |  | The private key pem file content as a single string. Has priority over key_file. |
EnhancedSamlGroupMapping
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
datarobotGroupId | string | true |  | DataRobot group ID. |
idpGroupId | string | true |  | Name of the identity provider group. |
EnhancedSamlRoleMapping
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
datarobotRoleId | string | true |  | DataRobot access role ID. |
idpRoleId | string | true |  | Name of the identity provider role. |
EnhancedSsoConfigurationResponse
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
attributeMapping | EnhancedSamlAttributeMapping | false |  | Attribute mapping between DataRobot and IdP. |
autoGenerateUsers | boolean | false |  | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
certificate | SamlCertificate | false |  | Certificate to be used by IdP. |
configurationType | string | true |  | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
enableSso | boolean | true |  | Defines if SSO is enabled. |
enforceSso | boolean | true |  | Defines if SSO is enforced. |
entityId | string | true |  | The globally unique identifier of the entity. Provided by IdP service. |
groupDelimiter | string | false |  | A delimiter used to split IdP provided Group assertions if provided as a single delimiter-separated list. |
groupMapping | [SamlGroupMappingResponse] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
id | string | true |  | SSO configuration ID. |
idpMetadata | SamlMetadataFile | false |  | XML document, IdP SSO descriptor. Provided by IdP service. |
idpMetadataHttpsVerify | boolean | false |  | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
idpMetadataUrl | string(uri) | false |  | URL to the IdP SSO descriptor. Provided by IdP service. |
idpResponseMethod | string | true |  | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
issuer | string¦null | false |  | Optional Issuer field that may be required by IdP. |
name | string | true |  | The name of the SSO configuration. |
organizationId | string | false |  | The organization ID to which the SSO config belongs. |
roleDelimiter | string | false |  | A delimiter used to split IdP provided Role assertions if provided as a single delimiter-separated list. |
roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
securityParameters | SamlSecurityParameters | false |  | The object that contains SAML specific directives. |
sessionLengthSeconds | integer | true | minimum: 0 (exclusive) | Time window for the authentication session via IDP. |
signOnUrl | string(uri) | false |  | URL to sign on via SSO. |
signOutUrl | string(uri) | false |  | URL to sign out via SSO. |
spRequestMethod | string | true |  | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values
Property | Value |
---|---|
configurationType | [MANUAL, METADATA, METADATA_URL] |
idpResponseMethod | [POST, REDIRECT] |
spRequestMethod | [POST, REDIRECT] |
ListSsoConfigurationResponse
{
"count": 0,
"data": [
{
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupDelimiter": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
],
"id": "string",
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleDelimiter": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 604800,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
],
"next": "string",
"previous": "string",
"totalCount": 0
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
count | integer | true | minimum: 0 | Number of SSO configurations returned. |
data | [EnhancedSsoConfigurationResponse] | true | maxItems: 1000 | SSO configuration. |
next | string¦null | true |  | Link to the next page of the SSO configurations. |
previous | string¦null | true |  | Link to the previous page of the SSO configurations. |
totalCount | integer | true | minimum: 0 | Total number of SSO configurations. |
SamlAdvancedConfiguration
{
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
}
An object containing SSO client advanced parameters.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
digestAlgorithm | string | false |  | Algorithm for calculating digest. |
samlAttributesMapping | EnhancedSamlAttributeMapping | true |  | Attribute mapping between DataRobot and IdP. |
samlClientConfiguration | EnhancedSamlClientConfig | true |  | Encryption related parameters. |
signatureAlgorithm | string | false |  | Algorithm for calculating signature. |
Enumerated Values
Property | Value |
---|---|
digestAlgorithm | [DIGEST_RIPEMD160, DIGEST_SHA1, DIGEST_SHA224, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512] |
signatureAlgorithm | [SIG_RSA_SHA1, SIG_RSA_SHA224, SIG_RSA_SHA256, SIG_RSA_SHA384, SIG_RSA_SHA512] |
SamlCertificate
{
"fileName": "string",
"value": "string"
}
Certificate to be used by IdP.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
fileName | string | false |  | Path to certificate file. |
value | string | true |  | Certificate content. |
SamlGroupMappingResponse
{
"datarobotGroupId": "string",
"datarobotGroupName": "string",
"idpGroupId": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
datarobotGroupId | string | true |  | DataRobot group ID. |
datarobotGroupName | string | false |  | DataRobot group name. |
idpGroupId | string | true |  | A name of the identity provider group. |
SamlMetadataFile
{
"fileName": "string",
"value": "string"
}
XML document, IdP SSO descriptor. Provided by IdP service.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
fileName | string | true |  | Path to IdP metadata file. |
value | string | true |  | IdP metadata. |
SamlSecurityParameters
{
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
}
The object that contains SAML specific directives.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
allowUnsolicited | boolean | false |  | Allow unsolicited. |
authnRequestsSigned | boolean | false |  | Sign auth requests. |
logoutRequestsSigned | boolean | false |  | Sign logout requests. |
wantAssertionsSigned | boolean | false |  | Sign assertions. |
wantResponseSigned | boolean | false |  | Sign response. |
UpdateSsoConfiguration
{
"advancedConfiguration": {
"digestAlgorithm": "DIGEST_RIPEMD160",
"samlAttributesMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"samlClientConfiguration": {
"cert_file": "string",
"cert_file_value": "string",
"encryption_keypairs": [
{
"cert_file": "string",
"cert_file_value": "string",
"key_file": "string",
"key_file_value": "string"
}
],
"id_attr_name": "string",
"id_attr_name_crypto": "string",
"key_file": "string",
"key_file_value": "string"
},
"signatureAlgorithm": "SIG_RSA_SHA1"
},
"attributeMapping": {
"displayName": "string",
"email": "string",
"firstName": "string",
"group": "string",
"impersonationUser": "string",
"lastName": "string",
"role": "string",
"username": "string"
},
"autoGenerateUsers": true,
"certificate": {
"fileName": "string",
"value": "string"
},
"configurationType": "MANUAL",
"enableSso": true,
"enforceSso": true,
"entityId": "string",
"groupMapping": [
{
"datarobotGroupId": "string",
"idpGroupId": "string"
}
],
"idpMetadata": {
"fileName": "string",
"value": "string"
},
"idpMetadataHttpsVerify": true,
"idpMetadataUrl": "http://example.com",
"idpResponseMethod": "POST",
"issuer": "string",
"name": "string",
"organizationId": "string",
"roleMapping": [
{
"datarobotRoleId": "string",
"idpRoleId": "string"
}
],
"securityParameters": {
"allowUnsolicited": true,
"authnRequestsSigned": true,
"logoutRequestsSigned": true,
"wantAssertionsSigned": true,
"wantResponseSigned": true
},
"sessionLengthSeconds": 0,
"signOnUrl": "http://example.com",
"signOutUrl": "http://example.com",
"spRequestMethod": "POST"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
advancedConfiguration | SamlAdvancedConfiguration | false |  | An object containing SSO client advanced parameters. |
attributeMapping | EnhancedSamlAttributeMapping | false |  | Attribute mapping between DataRobot and IdP. |
autoGenerateUsers | boolean | false |  | Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application. |
certificate | SamlCertificate | false |  | Certificate to be used by IdP. |
configurationType | string | false |  | The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided. |
enableSso | boolean | false |  | Defines if SSO is enabled. |
enforceSso | boolean | false |  | Defines if SSO is enforced. |
entityId | string | false |  | The globally unique identifier of the entity. Provided by IdP service. |
groupMapping | [EnhancedSamlGroupMapping] | false | maxItems: 100 | The list of DataRobot group to identity provider group maps. |
idpMetadata | SamlMetadataFile | false |  | XML document, IdP SSO descriptor. Provided by IdP service. |
idpMetadataHttpsVerify | boolean | false |  | When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate. |
idpMetadataUrl | string(uri) | false |  | URL to the IdP SSO descriptor. Provided by IdP service. |
idpResponseMethod | string | false |  | Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side. |
issuer | string | false |  | Optional Issuer field that may be required by IdP. |
name | string | false |  | The name of the SSO configuration. |
organizationId | string | false |  | The organization ID to which the SSO config belongs. |
roleMapping | [EnhancedSamlRoleMapping] | false | maxItems: 100 | The list of DataRobot access role to identity provider role maps. |
securityParameters | SamlSecurityParameters | false |  | The object that contains SAML specific directives. |
sessionLengthSeconds | integer | false |  | Time window for the authentication session via IdP. |
signOnUrl | string(uri) | false |  | URL to sign on via SSO. |
signOutUrl | string(uri) | false |  | URL to sign out via SSO. |
spRequestMethod | string | false |  | Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form. |
Enumerated Values
Property | Value |
---|---|
configurationType | [MANUAL, METADATA, METADATA_URL] |
idpResponseMethod | [POST, REDIRECT] |
spRequestMethod | [POST, REDIRECT] |
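
A pre-flight audit of the security-relevant fields documented above, as an added example (not DataRobot's code): it checks a configuration returned by GET /api/v2/ssoConfigurations/ or a body destined for PATCH against the page's enumerated values, the configurationType description, and the idpMetadataHttpsVerify warning. The function names, the sample data, and the policy of flagging allowUnsolicited, unsigned assertions and responses, http:// URLs and SHA-1 algorithms are assumptions of this example.

```python
"""Audit DataRobot SSO configuration objects for risky settings (added example)."""

# Values copied from the page's "Enumerated Values" tables.
CONFIGURATION_TYPES = {"MANUAL", "METADATA", "METADATA_URL"}
SHA1_ALGORITHMS = {"DIGEST_SHA1", "SIG_RSA_SHA1"}
URL_FIELDS = ("idpMetadataUrl", "signOnUrl", "signOutUrl")


def _has_value(cfg, field):
    """True when a SamlCertificate or SamlMetadataFile object carries content."""
    return bool((cfg.get(field) or {}).get("value"))


def audit_sso_config(cfg):
    """Return (field, finding) tuples for one configuration or PATCH body.

    Absent fields are skipped, so a partial UpdateSsoConfiguration body is
    judged only on what it would change.
    """
    findings = []
    ctype = cfg.get("configurationType")
    if ctype is not None and ctype not in CONFIGURATION_TYPES:
        findings.append(("configurationType", f"unknown value {ctype!r}"))
    # The declared type must match the metadata source actually supplied.
    if ctype == "METADATA" and not _has_value(cfg, "idpMetadata"):
        findings.append(("idpMetadata", "METADATA type without metadata content"))
    if ctype == "METADATA_URL" and not cfg.get("idpMetadataUrl"):
        findings.append(("idpMetadataUrl", "METADATA_URL type without a URL"))
    if ctype == "MANUAL":
        for field in ("signOnUrl", "signOutUrl"):
            if not cfg.get(field):
                findings.append((field, "MANUAL type without this URL"))
        if not _has_value(cfg, "certificate"):
            findings.append(("certificate", "MANUAL type without a certificate"))

    # The page: only set to False for a trusted server with a self-signed cert.
    if cfg.get("idpMetadataHttpsVerify") is False:
        findings.append(("idpMetadataHttpsVerify", "TLS certificate verification disabled"))
    for field in URL_FIELDS:
        if str(cfg.get(field) or "").lower().startswith("http://"):
            findings.append((field, "plaintext http:// URL"))

    # Assumed policy: treat these SAML directives as service-provider requirements.
    sec = cfg.get("securityParameters")
    if isinstance(sec, dict):
        if sec.get("allowUnsolicited") is True:
            findings.append(("securityParameters.allowUnsolicited", "unsolicited responses accepted"))
        if not sec.get("wantAssertionsSigned") and not sec.get("wantResponseSigned"):
            findings.append(("securityParameters", "neither assertion nor response signature required"))

    adv = cfg.get("advancedConfiguration") or {}
    for field in ("digestAlgorithm", "signatureAlgorithm"):
        if adv.get(field) in SHA1_ALGORITHMS:
            findings.append((f"advancedConfiguration.{field}", f"{adv[field]} uses SHA-1"))
    return findings


def audit_list_response(response):
    """Map configuration id to findings for a ListSsoConfigurationResponse body."""
    return {item.get("id"): audit_sso_config(item) for item in response.get("data", [])}


# Constructed sample data, not real configurations.
SAMPLE_LIST = {
    "count": 2, "totalCount": 2, "next": None, "previous": None,
    "data": [
        {"id": "cfg-hardened", "configurationType": "METADATA_URL",
         "idpMetadataUrl": "https://idp.example.com/metadata",
         "idpMetadataHttpsVerify": True,
         "securityParameters": {"allowUnsolicited": False,
                                "wantAssertionsSigned": True,
                                "wantResponseSigned": True}},
        {"id": "cfg-weak", "configurationType": "MANUAL",
         "signOnUrl": "http://idp.example.com/sso",
         "signOutUrl": "http://idp.example.com/slo",
         "idpMetadataHttpsVerify": False,
         "securityParameters": {"allowUnsolicited": True,
                                "wantAssertionsSigned": False,
                                "wantResponseSigned": False}},
    ],
}
SAMPLE_PATCH = {"advancedConfiguration": {"signatureAlgorithm": "SIG_RSA_SHA1"}}

if __name__ == "__main__":
    for config_id, found in audit_list_response(SAMPLE_LIST).items():
        print(config_id, found or "no findings")
    print("PATCH body", audit_sso_config(SAMPLE_PATCH))
```

Feed it the parsed JSON from the list endpoint to review every organization's configuration at once, or run it on a PATCH body in CI before the change is applied.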