Skip to content

アプリケーション内で をクリックすると、お使いのDataRobotバージョンに関する全プラットフォームドキュメントにアクセスできます。

SSO Configuration

This page outlines the operations, endpoints, parameters, and example requests and responses for the SSO Configuration.

GET /api/v2/ssoConfigurations/

List the sso configurations that correspond to provided conditions.

Code samples

# You can also use wget
curl -X GET https://app.datarobot.com/api/v2/ssoConfigurations/ \
  -H "Accept: application/json" \
  -H "Authorization: Bearer {access-token}"

Parameters

Name In Type Required Description
offset query integer false The number of records to skip over.
limit query integer false The number of records to return.
orgId query string false The ID of the organization.

Example responses

200 Response

{
  "count": 0,
  "data": [
    {
      "attributeMapping": {
        "displayName": "string",
        "email": "string",
        "firstName": "string",
        "group": "string",
        "impersonationUser": "string",
        "lastName": "string",
        "role": "string",
        "username": "string"
      },
      "autoGenerateUsers": true,
      "certificate": {
        "fileName": "string",
        "value": "string"
      },
      "configurationType": "MANUAL",
      "enableSso": true,
      "enforceSso": true,
      "entityId": "string",
      "groupDelimiter": "string",
      "groupMapping": [
        {
          "datarobotGroupId": "string",
          "datarobotGroupName": "string",
          "idpGroupId": "string"
        }
      ],
      "id": "string",
      "idpMetadata": {
        "fileName": "string",
        "value": "string"
      },
      "idpMetadataHttpsVerify": true,
      "idpMetadataUrl": "http://example.com",
      "idpResponseMethod": "POST",
      "issuer": "string",
      "name": "string",
      "organizationId": "string",
      "roleDelimiter": "string",
      "roleMapping": [
        {
          "datarobotRoleId": "string",
          "idpRoleId": "string"
        }
      ],
      "securityParameters": {
        "allowUnsolicited": true,
        "authnRequestsSigned": true,
        "logoutRequestsSigned": true,
        "wantAssertionsSigned": true,
        "wantResponseSigned": true
      },
      "sessionLengthSeconds": 604800,
      "signOnUrl": "http://example.com",
      "signOutUrl": "http://example.com",
      "spRequestMethod": "POST"
    }
  ],
  "next": "string",
  "previous": "string",
  "totalCount": 0
}

Responses

Status Meaning Description Schema
200 OK List of sso configurations. ListSsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

POST /api/v2/ssoConfigurations/

Create an SSO configuration for a specific organization

Code samples

# You can also use wget
curl -X POST https://app.datarobot.com/api/v2/ssoConfigurations/ \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer {access-token}"

Body parameter

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Parameters

Name In Type Required Description
body body CreateSsoConfiguration false none

Example responses

200 Response

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Responses

Status Meaning Description Schema
200 OK Configuration created successfully EnhancedSsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

GET /api/v2/ssoConfigurations/{configurationId}/

Retrieve SSO configuration of a specific organization.

Code samples

# You can also use wget
curl -X GET https://app.datarobot.com/api/v2/ssoConfigurations/{configurationId}/ \
  -H "Accept: application/json" \
  -H "Authorization: Bearer {access-token}"

Parameters

Name In Type Required Description
configurationId path string true The ID of the organization to retrieve SSO config for.

Example responses

200 Response

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Responses

Status Meaning Description Schema
200 OK SSO configuration. EnhancedSsoConfigurationResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

PATCH /api/v2/ssoConfigurations/{configurationId}/

Update an SSO configuration for a specific organization.

Code samples

# You can also use wget
curl -X PATCH https://app.datarobot.com/api/v2/ssoConfigurations/{configurationId}/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {access-token}"

Body parameter

{
  "advancedConfiguration": {
    "digestAlgorithm": "DIGEST_RIPEMD160",
    "samlAttributesMapping": {
      "displayName": "string",
      "email": "string",
      "firstName": "string",
      "group": "string",
      "impersonationUser": "string",
      "lastName": "string",
      "role": "string",
      "username": "string"
    },
    "samlClientConfiguration": {
      "cert_file": "string",
      "cert_file_value": "string",
      "encryption_keypairs": [
        {
          "cert_file": "string",
          "cert_file_value": "string",
          "key_file": "string",
          "key_file_value": "string"
        }
      ],
      "id_attr_name": "string",
      "id_attr_name_crypto": "string",
      "key_file": "string",
      "key_file_value": "string"
    },
    "signatureAlgorithm": "SIG_RSA_SHA1"
  },
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 0,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Parameters

Name In Type Required Description
configurationId path string true The ID of the organization to retrieve SSO config for.
body body UpdateSsoConfiguration false none

Responses

Status Meaning Description Schema
200 OK none None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

Schemas

CreateSsoConfiguration

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
attributeMapping EnhancedSamlAttributeMapping false Attribute mapping between Datarobot and IdP.
autoGenerateUsers boolean false Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false certificate to be used by IdP.
configurationType string true The type of the SSO configuration, defines the source of SSO metadata.
It can be one of the following: METADATA - when IDP metadata is provided in the
config, METADATA_URL - when an URL for metadata retrieval is provided in the config and
MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean true Defines if SSO is enabled.
enforceSso boolean true Defines if SSO is enforced.
entityId string true The globally unique identifier of the entity. Provided by IdP service.
groupMapping [EnhancedSamlGroupMapping] false The list of DataRobot group to identity provider group maps.
idpMetadata SamlMetadataFile false XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.
To avoid security vulnerabilities, only set to False when a trusted server has a
self-signed certificate.
idpMetadataUrl string(uri) false URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string true Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string false Optional Issuer field that may be required by IdP.
name string true The name of the SSO configuration.
organizationId string false The organization ID to which the SSO config belongs.
roleMapping [EnhancedSamlRoleMapping] false The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false The object that contains SAML specific directives.
sessionLengthSeconds integer true minimum: 0 (exclusive)
Time window for the authentication session via IDP
signOnUrl string(uri) false URL to sign on via SSO.
signOutUrl string(uri) false URL to sign out via SSO.
spRequestMethod string true Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType MANUAL
configurationType METADATA
configurationType METADATA_URL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT

EnhancedEncryptionKeypairs

{
  "cert_file": "string",
  "cert_file_value": "string",
  "key_file": "string",
  "key_file_value": "string"
}

Properties

Name Type Required Restrictions Description
cert_file string false Path to the pem file with a single certificate.
cert_file_value string false A single certificate pem file content as a single string. Has priority over cert_file.
key_file string false Path to the private key pem file.
key_file_value string false The private key pem file content as a single string. Has priority over key_file.

EnhancedSamlAttributeMapping

{
  "displayName": "string",
  "email": "string",
  "firstName": "string",
  "group": "string",
  "impersonationUser": "string",
  "lastName": "string",
  "role": "string",
  "username": "string"
}

Properties

Name Type Required Restrictions Description
displayName string false Display name.
email string false Email.
firstName string false First name.
group string false Group.
impersonationUser string false Impersonation user.
lastName string false Last name.
role string false Role.
username string false Username.

EnhancedSamlClientConfig

{
  "cert_file": "string",
  "cert_file_value": "string",
  "encryption_keypairs": [
    {
      "cert_file": "string",
      "cert_file_value": "string",
      "key_file": "string",
      "key_file_value": "string"
    }
  ],
  "id_attr_name": "string",
  "id_attr_name_crypto": "string",
  "key_file": "string",
  "key_file_value": "string"
}

Properties

Name Type Required Restrictions Description
cert_file string false Path to the pem file with a single certificate.
cert_file_value string false A single certificate pem file content as a single string. Has priority over cert_file.
encryption_keypairs [EnhancedEncryptionKeypairs] false Indicates which certificates will be used for encryption capabilities.
id_attr_name string false Attribute is required to be set to 'Id' value when Okta encrypted assertions are used
id_attr_name_crypto string false Attribute is required to be set to 'Id' value when Okta encrypted assertions are used
key_file string false Path to the private key pem file.
key_file_value string false The private key pem file content as a single string. Has priority over key_file.

EnhancedSamlGroupMapping

{
  "datarobotGroupId": "string",
  "idpGroupId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotGroupId string true DataRobot group ID.
idpGroupId string true Name of the identity provider group

EnhancedSamlRoleMapping

{
  "datarobotRoleId": "string",
  "idpRoleId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotRoleId string true DataRobot access role ID.
idpRoleId string true Name of the identity provider role.

EnhancedSsoConfigurationResponse

{
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupDelimiter": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "datarobotGroupName": "string",
      "idpGroupId": "string"
    }
  ],
  "id": "string",
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleDelimiter": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 604800,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
attributeMapping EnhancedSamlAttributeMapping false Attribute mapping between DataRobot and IdP.
autoGenerateUsers boolean false Determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false Certificate to be used by IdP.
configurationType string true The type of the SSO configuration, defines the source of SSO metadata.
It can be one of the following: METADATA - when IDP metadata is provided in the
config, METADATA_URL - when an URL for metadata retrieval is provided in the config and
MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean true Defines if SSO is enabled.
enforceSso boolean true Defines if SSO is enforced.
entityId string true The globally unique identifier of the entity. Provided by IdP service.
groupDelimiter string false A delimiter used to split IdP provided Group assertions if provided as a singledelimiter-separated list.
groupMapping [SamlGroupMappingResponse] false The list of DataRobot group to identity provider group maps.
id string true SSO configuration ID.
idpMetadata SamlMetadataFile false XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false When idp_metadata_url uses HTTPS, require the server to have a trusted certificate.
To avoid security vulnerabilities, only set to False when a trusted server has a
self-signed certificate.
idpMetadataUrl string(uri) false URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string true Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string¦null false Optional Issuer field that may be required by IdP.
name string true The name of the SSO configuration.
organizationId string false The organization ID to which the SSO config belongs.
roleDelimiter string false A delimiter used to split IdP provided Role assertions if provided as a singledelimiter-separated list.
roleMapping [EnhancedSamlRoleMapping] false The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false The object that contains SAML specific directives.
sessionLengthSeconds integer true minimum: 0 (exclusive)
Time window for the authentication session via IDP
signOnUrl string(uri) false URL to sign on via SSO.
signOutUrl string(uri) false URL to sign out via SSO.
spRequestMethod string true Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType MANUAL
configurationType METADATA
configurationType METADATA_URL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT

ListSsoConfigurationResponse

{
  "count": 0,
  "data": [
    {
      "attributeMapping": {
        "displayName": "string",
        "email": "string",
        "firstName": "string",
        "group": "string",
        "impersonationUser": "string",
        "lastName": "string",
        "role": "string",
        "username": "string"
      },
      "autoGenerateUsers": true,
      "certificate": {
        "fileName": "string",
        "value": "string"
      },
      "configurationType": "MANUAL",
      "enableSso": true,
      "enforceSso": true,
      "entityId": "string",
      "groupDelimiter": "string",
      "groupMapping": [
        {
          "datarobotGroupId": "string",
          "datarobotGroupName": "string",
          "idpGroupId": "string"
        }
      ],
      "id": "string",
      "idpMetadata": {
        "fileName": "string",
        "value": "string"
      },
      "idpMetadataHttpsVerify": true,
      "idpMetadataUrl": "http://example.com",
      "idpResponseMethod": "POST",
      "issuer": "string",
      "name": "string",
      "organizationId": "string",
      "roleDelimiter": "string",
      "roleMapping": [
        {
          "datarobotRoleId": "string",
          "idpRoleId": "string"
        }
      ],
      "securityParameters": {
        "allowUnsolicited": true,
        "authnRequestsSigned": true,
        "logoutRequestsSigned": true,
        "wantAssertionsSigned": true,
        "wantResponseSigned": true
      },
      "sessionLengthSeconds": 604800,
      "signOnUrl": "http://example.com",
      "signOutUrl": "http://example.com",
      "spRequestMethod": "POST"
    }
  ],
  "next": "string",
  "previous": "string",
  "totalCount": 0
}

Properties

Name Type Required Restrictions Description
count integer true minimum: 0
Number of SSO configurations returned.
data [EnhancedSsoConfigurationResponse] true SSO configuration.
next string¦null true Link to the next page of the SSO configurations.
previous string¦null true Link to the previous page of the SSO configurations.
totalCount integer true minimum: 0
Total number of SSO configurations.

SamlAdvancedConfiguration

{
  "digestAlgorithm": "DIGEST_RIPEMD160",
  "samlAttributesMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "samlClientConfiguration": {
    "cert_file": "string",
    "cert_file_value": "string",
    "encryption_keypairs": [
      {
        "cert_file": "string",
        "cert_file_value": "string",
        "key_file": "string",
        "key_file_value": "string"
      }
    ],
    "id_attr_name": "string",
    "id_attr_name_crypto": "string",
    "key_file": "string",
    "key_file_value": "string"
  },
  "signatureAlgorithm": "SIG_RSA_SHA1"
}

Properties

Name Type Required Restrictions Description
digestAlgorithm string false Algorithm for calculating digest.
samlAttributesMapping EnhancedSamlAttributeMapping true Attribute mapping between DataRobot and IdP.
samlClientConfiguration EnhancedSamlClientConfig true Encryption related parameters.
signatureAlgorithm string false Algorithm for calculating signature.

Enumerated Values

Property Value
digestAlgorithm DIGEST_RIPEMD160
digestAlgorithm DIGEST_SHA1
digestAlgorithm DIGEST_SHA224
digestAlgorithm DIGEST_SHA256
digestAlgorithm DIGEST_SHA384
digestAlgorithm DIGEST_SHA512
signatureAlgorithm SIG_RSA_SHA1
signatureAlgorithm SIG_RSA_SHA224
signatureAlgorithm SIG_RSA_SHA256
signatureAlgorithm SIG_RSA_SHA384
signatureAlgorithm SIG_RSA_SHA512

SamlCertificate

{
  "fileName": "string",
  "value": "string"
}

Properties

Name Type Required Restrictions Description
fileName string false Path to certificate file.
value string true Certificate content.

SamlGroupMappingResponse

{
  "datarobotGroupId": "string",
  "datarobotGroupName": "string",
  "idpGroupId": "string"
}

Properties

Name Type Required Restrictions Description
datarobotGroupId string true DataRobot group ID.
datarobotGroupName string false DataRobot group name.
idpGroupId string true A name of the identity provider group.

SamlMetadataFile

{
  "fileName": "string",
  "value": "string"
}

Properties

Name Type Required Restrictions Description
fileName string true Path to IdP metadata file.
value string true IdP metadata.

SamlSecurityParameters

{
  "allowUnsolicited": true,
  "authnRequestsSigned": true,
  "logoutRequestsSigned": true,
  "wantAssertionsSigned": true,
  "wantResponseSigned": true
}

Properties

Name Type Required Restrictions Description
allowUnsolicited boolean false Allow unsolicited.
authnRequestsSigned boolean false Sign auth requests.
logoutRequestsSigned boolean false Sign logout requests.
wantAssertionsSigned boolean false Sign assertions.
wantResponseSigned boolean false Sign response.

UpdateSsoConfiguration

{
  "advancedConfiguration": {
    "digestAlgorithm": "DIGEST_RIPEMD160",
    "samlAttributesMapping": {
      "displayName": "string",
      "email": "string",
      "firstName": "string",
      "group": "string",
      "impersonationUser": "string",
      "lastName": "string",
      "role": "string",
      "username": "string"
    },
    "samlClientConfiguration": {
      "cert_file": "string",
      "cert_file_value": "string",
      "encryption_keypairs": [
        {
          "cert_file": "string",
          "cert_file_value": "string",
          "key_file": "string",
          "key_file_value": "string"
        }
      ],
      "id_attr_name": "string",
      "id_attr_name_crypto": "string",
      "key_file": "string",
      "key_file_value": "string"
    },
    "signatureAlgorithm": "SIG_RSA_SHA1"
  },
  "attributeMapping": {
    "displayName": "string",
    "email": "string",
    "firstName": "string",
    "group": "string",
    "impersonationUser": "string",
    "lastName": "string",
    "role": "string",
    "username": "string"
  },
  "autoGenerateUsers": true,
  "certificate": {
    "fileName": "string",
    "value": "string"
  },
  "configurationType": "MANUAL",
  "enableSso": true,
  "enforceSso": true,
  "entityId": "string",
  "groupMapping": [
    {
      "datarobotGroupId": "string",
      "idpGroupId": "string"
    }
  ],
  "idpMetadata": {
    "fileName": "string",
    "value": "string"
  },
  "idpMetadataHttpsVerify": true,
  "idpMetadataUrl": "http://example.com",
  "idpResponseMethod": "POST",
  "issuer": "string",
  "name": "string",
  "organizationId": "string",
  "roleMapping": [
    {
      "datarobotRoleId": "string",
      "idpRoleId": "string"
    }
  ],
  "securityParameters": {
    "allowUnsolicited": true,
    "authnRequestsSigned": true,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
  },
  "sessionLengthSeconds": 0,
  "signOnUrl": "http://example.com",
  "signOutUrl": "http://example.com",
  "spRequestMethod": "POST"
}

Properties

Name Type Required Restrictions Description
advancedConfiguration SamlAdvancedConfiguration false An object containing SSO client advanced parameters.
attributeMapping EnhancedSamlAttributeMapping false Attribute mapping between Datarobot and IdP. The dict that have predefined datarobot attributes in keys and idp attribute in values.
autoGenerateUsers boolean false determines if DataRobot automatically creates an account on first successful login via IdP if the user doesn't exist in the DataRobot application.
certificate SamlCertificate false Certificate to be used by IdP.
configurationType string false The type of the SSO configuration, defines the source of SSO metadata. It can be one of the following: METADATA - when IDP metadata is provided in the config, METADATA_URL - when an URL for metadata retrieval is provided in the config and MANUAL - when IDP sign-on/sign-out URLs and certificate are provided.
enableSso boolean false Defines if SSO is enabled.
enforceSso boolean false Defines if SSO is enforced.
entityId string false The globally unique identifier of the entity. Provided by IdP service.
groupMapping [EnhancedSamlGroupMapping] false The list of DataRobot group to identity provider group maps.
idpMetadata SamlMetadataFile false XML document, IdP SSO descriptor. Provided by IdP service.
idpMetadataHttpsVerify boolean false When idp_metadata_url uses HTTPS, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to False when a trusted server has a self-signed certificate.
idpMetadataUrl string(uri) false URL to the IdP SSO descriptor. Provided by IdP service.
idpResponseMethod string false Identity provider response method, used to move user from IdP's authentication form back to the DataRobot side.
issuer string false Optional Issuer field that may be required by IdP.
name string false The name of the SSO configuration.
organizationId string false The organization ID to which the SSO config belongs.
roleMapping [EnhancedSamlRoleMapping] false The list of DataRobot access role to identity provider role maps.
securityParameters SamlSecurityParameters false The object that contains SAML specific directives.
sessionLengthSeconds integer false Time window for the authentication session via IdP.
signOnUrl string(uri) false URL to sign on via SSO.
signOutUrl string(uri) false URL to sign out via SSO.
spRequestMethod string false Service provider (DataRobot application) request method, is used to move user to the IdP's authentication form.

Enumerated Values

Property Value
configurationType MANUAL
configurationType METADATA
configurationType METADATA_URL
idpResponseMethod POST
idpResponseMethod REDIRECT
spRequestMethod POST
spRequestMethod REDIRECT

更新しました February 20, 2024
Back to top