SSO configuration
Use the endpoints described below to configure single sign-on for your organization.
List SSO Configurations
Operation path: GET /api/v2/ssoConfigurations/
Authentication requirements: BearerAuth
List the SSO configurations that match the provided conditions.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| offset | query | integer | false | The number of records to skip over. |
| limit | query | integer | false | The number of records to return. |
| orgId | query | string | false | The ID of the organization. |
Example responses
200 Response
{
"properties": {
"count": {
"description": "Number of SSO configurations returned.",
"minimum": 0,
"type": "integer"
},
"data": {
"description": "SSO configuration.",
"items": {
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a url for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration id.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses https, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate; with verification off, the metadata fetch is not protected against a tampered or impersonated server.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split idp provided role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited responses, i.e. responses from the idp that do not answer a request sent by datarobot.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Require assertions received from the idp to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Require the response received from the idp to be signed.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
},
"maxItems": 1000,
"type": "array"
},
"next": {
"description": "Link to the next page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"previous": {
"description": "Link to the previous page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"totalCount": {
"description": "Total number of SSO configurations.",
"minimum": 0,
"type": "integer"
}
},
"required": [
"count",
"data",
"next",
"previous",
"totalCount"
],
"type": "object"
}
Responses
Create An SSO Configuration
Operation path: POST /api/v2/ssoConfigurations/
Authentication requirements: BearerAuth
Create an SSO configuration for a specific organization.
Body parameter
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a url for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses https, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate; with verification off, the metadata fetch is not protected against a tampered or impersonated server.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited responses, i.e. responses from the idp that do not answer a request sent by datarobot.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Require assertions received from the idp to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Require the response received from the idp to be signed.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Parameters
Example responses
200 Response
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a url for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration id.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses https, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate; with verification off, the metadata fetch is not protected against a tampered or impersonated server.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split idp provided role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited responses, i.e. responses from the idp that do not answer a request sent by datarobot.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Require assertions received from the idp to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Require the response received from the idp to be signed.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Responses
Retrieve SSO Configuration Of A Specific Organization by configuration ID
Operation path: GET /api/v2/ssoConfigurations/{configurationId}/
Authentication requirements: BearerAuth
Retrieve SSO configuration of a specific organization.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| configurationId | path | string | true | The ID of the organization to retrieve SSO config for. |
Example responses
200 Response
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a url for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration id.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses https, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate; with verification off, the metadata fetch is not protected against a tampered or impersonated server.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split idp provided role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited responses, i.e. responses from the idp that do not answer a request sent by datarobot.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Require assertions received from the idp to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Require the response received from the idp to be signed.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Responses
Update An SSO Configuration by configuration ID
Operation path: PATCH /api/v2/ssoConfigurations/{configurationId}/
Authentication requirements: BearerAuth
Update an SSO configuration for a specific organization.
Body parameter
{
"properties": {
"advancedConfiguration": {
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
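"description": "Algorithm for calculating digest. DIGEST_SHA1 relies on SHA-1, which is deprecated for digital signatures; prefer DIGEST_SHA256 or stronger where the idp supports it.",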
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
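"description": "Algorithm for calculating signature. SIG_RSA_SHA1 relies on SHA-1, which is deprecated for digital signatures; prefer SIG_RSA_SHA256 or stronger where the idp supports it.",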
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
},
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a url for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
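"allowUnsolicited": {
"description": "Whether unsolicited (idp-initiated) SAML responses are accepted.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Whether authentication requests sent to the idp are signed.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Whether logout requests sent to the idp are signed.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Whether assertions received from the idp are required to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Whether responses received from the idp are required to be signed.",
"type": "boolean"
}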
},
"type": "object"
},
"sessionLengthSeconds": {
"description": "Time window for the authentication session via idp.",
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"type": "object"
}
Parameters
| Name |
In |
Type |
Required |
Description |
| configurationId |
path |
string |
true |
The ID of the organization to retrieve SSO config for. |
| body |
body |
UpdateSsoConfiguration |
false |
none |
Responses
| Status |
Meaning |
Description |
Schema |
| 204 |
No Content |
none |
None |
Schemas
CreateSsoConfiguration
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
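"allowUnsolicited": {
"description": "Whether unsolicited (idp-initiated) SAML responses are accepted.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Whether authentication requests sent to the idp are signed.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Whether logout requests sent to the idp are signed.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Whether assertions received from the idp are required to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Whether responses received from the idp are required to be signed.",
"type": "boolean"
}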
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| attributeMapping |
EnhancedSamlAttributeMapping |
false |
|
Attribute mapping between datarobot and idp. |
| autoGenerateUsers |
boolean |
false |
|
Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application. |
| certificate |
SamlCertificate |
false |
|
Certificate to be used by idp. |
| configurationType |
string |
true |
|
The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: METADATA - when idp metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config, and MANUAL - when idp sign-on/sign-out URLs and certificate are provided. |
| enableSso |
boolean |
true |
|
Defines if SSO is enabled. |
| enforceSso |
boolean |
true |
|
Defines if SSO is enforced. |
| entityId |
string |
true |
|
The globally unique identifier of the entity. provided by idp service. |
| groupMapping |
[EnhancedSamlGroupMapping] |
false |
maxItems: 100
|
The list of datarobot group to identity provider group maps. |
| idpMetadata |
SamlMetadataFile |
false |
|
XML document, idp SSO descriptor. provided by idp service. |
| idpMetadataHttpsVerify |
boolean |
false |
|
When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate. |
| idpMetadataUrl |
string(uri) |
false |
|
Url to the idp SSO descriptor. provided by idp service. |
| idpResponseMethod |
string |
true |
|
Identity provider response method, used to move user from idp's authentication form back to the datarobot side. |
| issuer |
string |
false |
|
Optional issuer field that may be required by idp. |
| name |
string |
true |
|
The name of the SSO configuration. |
| organizationId |
string |
false |
|
The organization id to which the SSO config belongs. |
| organizationMapping |
[EnhancedSamlOrganizationMapping] |
false |
maxItems: 100
|
The list of datarobot organization to identity provider organization maps. |
| roleMapping |
[EnhancedSamlRoleMapping] |
false |
maxItems: 100
|
The list of datarobot access role to identity provider role maps. |
| securityParameters |
SamlSecurityParameters |
false |
|
The object that contains SAML specific directives. |
| sessionLengthSeconds |
integer |
true |
|
Time window for the authentication session via idp. |
| signOnUrl |
string(uri) |
false |
|
Url to sign on via sso. |
| signOutUrl |
string(uri) |
false |
|
Url to sign out via sso. |
| spRequestMethod |
string |
true |
|
Service provider (datarobot application) request method, is used to move user to the idp's authentication form. |
Enumerated Values
| Property |
Value |
| configurationType |
[MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod |
[POST, REDIRECT] |
| spRequestMethod |
[POST, REDIRECT] |
EnhancedEncryptionKeypairs
{
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. has priority over key_file.",
"type": "string"
}
},
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| cert_file |
string |
false |
|
Path to the pem file with a single certificate. |
| cert_file_value |
string |
false |
|
A single certificate pem file content as a single string. has priority over cert_file. |
| key_file |
string |
false |
|
Path to the private key pem file. |
| key_file_value |
string |
false |
|
The private key pem file content as a single string. has priority over key_file. |
EnhancedSamlAttributeMapping
{
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
}
Attribute mapping between datarobot and idp.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| displayName |
string |
false |
|
Display name. |
| email |
string |
false |
|
Email. |
| firstName |
string |
false |
|
First name. |
| group |
string |
false |
|
Group. |
| impersonationUser |
string |
false |
|
Impersonation user. |
| lastName |
string |
false |
|
Last name. |
| organization |
string |
false |
|
Organization. |
| role |
string |
false |
|
Role. |
| username |
string |
false |
|
Username. |
EnhancedSamlClientConfig
{
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. has priority over key_file.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. has priority over key_file.",
"type": "string"
}
},
"type": "object"
}
Encryption related parameters.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| cert_file |
string |
false |
|
Path to the pem file with a single certificate. |
| cert_file_value |
string |
false |
|
A single certificate pem file content as a single string. has priority over cert_file. |
| encryption_keypairs |
[EnhancedEncryptionKeypairs] |
false |
maxItems: 100
|
Indicates which certificates will be used for encryption capabilities. |
| id_attr_name |
string |
false |
|
Attribute is required to be set to 'id' value when OKTA encrypted assertions are used. |
| id_attr_name_crypto |
string |
false |
|
Attribute is required to be set to 'id' value when OKTA encrypted assertions are used. |
| key_file |
string |
false |
|
Path to the private key pem file. |
| key_file_value |
string |
false |
|
The private key pem file content as a single string. has priority over key_file. |
EnhancedSamlGroupMapping
{
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| datarobotGroupId |
string |
true |
|
Datarobot group id. |
| idpGroupId |
string |
true |
|
Name of the identity provider group. |
EnhancedSamlOrganizationMapping
{
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| datarobotOrganizationId |
string |
true |
|
Datarobot organization id. |
| idpOrganizationId |
string |
true |
|
Name of the identity provider organization. |
EnhancedSamlRoleMapping
{
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| datarobotRoleId |
string |
true |
|
Datarobot access role id. |
| idpRoleId |
string |
true |
|
Name of the identity provider role. |
EnhancedSsoConfigurationResponse
{
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration id.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split idp provided role assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
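"allowUnsolicited": {
"description": "Whether unsolicited (idp-initiated) SAML responses are accepted.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Whether authentication requests sent to the idp are signed.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Whether logout requests sent to the idp are signed.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Whether assertions received from the idp are required to be signed.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Whether responses received from the idp are required to be signed.",
"type": "boolean"
}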
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Time window for the authentication session via idp.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| attributeMapping |
EnhancedSamlAttributeMapping |
false |
|
Attribute mapping between datarobot and idp. |
| autoGenerateUsers |
boolean |
false |
|
Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application. |
| certificate |
SamlCertificate |
false |
|
Certificate to be used by idp. |
| configurationType |
string |
true |
|
The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: METADATA - when idp metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config, and MANUAL - when idp sign-on/sign-out URLs and certificate are provided. |
| enableSso |
boolean |
true |
|
Defines if SSO is enabled. |
| enforceSso |
boolean |
true |
|
Defines if SSO is enforced. |
| entityId |
string |
true |
|
The globally unique identifier of the entity. provided by idp service. |
| groupDelimiter |
string |
false |
|
A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list. |
| groupMapping |
[SamlGroupMappingResponse] |
false |
maxItems: 100
|
The list of datarobot group to identity provider group maps. |
| id |
string |
true |
|
SSO configuration id. |
| idpMetadata |
SamlMetadataFile |
false |
|
XML document, idp SSO descriptor. provided by idp service. |
| idpMetadataHttpsVerify |
boolean |
false |
|
When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate. |
| idpMetadataUrl |
string(uri) |
false |
|
Url to the idp SSO descriptor. provided by idp service. |
| idpResponseMethod |
string |
true |
|
Identity provider response method, used to move user from idp's authentication form back to the datarobot side. |
| issuer |
string,null |
false |
|
Optional issuer field that may be required by idp. |
| name |
string |
true |
|
The name of the SSO configuration. |
| organizationId |
string |
false |
|
The organization id to which the SSO config belongs. |
| organizationMapping |
[SamlOrganizationMappingResponse] |
false |
maxItems: 100
|
The list of datarobot organization to identity provider organization maps. |
| roleDelimiter |
string |
false |
|
A delimiter used to split idp provided role assertions if provided as a single delimiter-separated list. |
| roleMapping |
[EnhancedSamlRoleMapping] |
false |
maxItems: 100
|
The list of datarobot access role to identity provider role maps. |
| securityParameters |
SamlSecurityParameters |
false |
|
The object that contains SAML specific directives. |
| sessionLengthSeconds |
integer |
true |
|
Time window for the authentication session via idp. |
| signOnUrl |
string(uri) |
false |
|
Url to sign on via sso. |
| signOutUrl |
string(uri) |
false |
|
Url to sign out via sso. |
| spRequestMethod |
string |
true |
|
Service provider (datarobot application) request method, is used to move user to the idp's authentication form. |
Enumerated Values
| Property |
Value |
| configurationType |
[MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod |
[POST, REDIRECT] |
| spRequestMethod |
[POST, REDIRECT] |
ListSsoConfigurationResponse
{
"properties": {
"count": {
"description": "Number of SSO configurations returned.",
"minimum": 0,
"type": "integer"
},
"data": {
"description": "SSO configuration.",
"items": {
"properties": {
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: `METADATA` - when idp metadata is provided in the config, `METADATA_URL` - when a URL for metadata retrieval is provided in the config, and `MANUAL` - when idp sign-on/sign-out URLs and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupDelimiter": {
"description": "A delimiter used to split idp provided group assertions if provided as a single delimiter-separated list.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id": {
"description": "SSO configuration id.",
"type": "string"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idpMetadataUrl uses HTTPS, require the server to present a trusted certificate. To avoid security vulnerabilities, set this to false only when a trusted server uses a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"default": "POST",
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": [
"string",
"null"
]
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleDelimiter": {
"description": "A delimiter used to split idp-provided role assertions if they are provided as a single delimiter-separated list.",
"type": "string"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"default": 604800,
"description": "Length of the authentication session established via idp, in seconds. The default of 604800 is 7 days.",
"exclusiveMinimum": 0,
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"default": "REDIRECT",
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"required": [
"configurationType",
"enableSso",
"enforceSso",
"entityId",
"id",
"idpResponseMethod",
"name",
"sessionLengthSeconds",
"spRequestMethod"
],
"type": "object"
},
"maxItems": 1000,
"type": "array"
},
"next": {
"description": "Link to the next page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"previous": {
"description": "Link to the previous page of the SSO configurations.",
"type": [
"string",
"null"
]
},
"totalCount": {
"description": "Total number of SSO configurations.",
"minimum": 0,
"type": "integer"
}
},
"required": [
"count",
"data",
"next",
"previous",
"totalCount"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| count |
integer |
true |
minimum: 0
|
Number of SSO configurations returned. |
| data |
[EnhancedSsoConfigurationResponse] |
true |
maxItems: 1000
|
SSO configuration. |
| next |
string,null |
true |
|
Link to the next page of the SSO configurations. |
| previous |
string,null |
true |
|
Link to the previous page of the SSO configurations. |
| totalCount |
integer |
true |
minimum: 0
|
Total number of SSO configurations. |
SamlAdvancedConfiguration
{
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
"description": "Algorithm for calculating digest.",
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file. This is secret key material, so keep request bodies that carry it out of logs and version control.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file. This is secret key material, so keep request bodies that carry it out of logs and version control.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
"description": "Algorithm for calculating signature.",
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
}
An object containing SSO client advanced parameters.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| digestAlgorithm |
string |
false |
|
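Algorithm for calculating digest. Prefer DIGEST_SHA256 or stronger; DIGEST_SHA1 is collision-prone and is best kept only for an idp that supports nothing newer. |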
| samlAttributesMapping |
EnhancedSamlAttributeMapping |
true |
|
Attribute mapping between datarobot and idp. |
| samlClientConfiguration |
EnhancedSamlClientConfig |
true |
|
Encryption related parameters. |
| signatureAlgorithm |
string |
false |
|
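Algorithm for calculating signature. Prefer SIG_RSA_SHA256 or stronger; SIG_RSA_SHA1 relies on SHA-1 and is best kept only for an idp that supports nothing newer. |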
Enumerated Values
| Property |
Value |
| digestAlgorithm |
[DIGEST_RIPEMD160, DIGEST_SHA1, DIGEST_SHA224, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512] |
| signatureAlgorithm |
[SIG_RSA_SHA1, SIG_RSA_SHA224, SIG_RSA_SHA256, SIG_RSA_SHA384, SIG_RSA_SHA512] |
SamlCertificate
{
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
}
Certificate to be used by idp.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| fileName |
string |
false |
|
Path to certificate file. |
| value |
string |
true |
|
Certificate content. |
SamlGroupMappingResponse
{
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"datarobotGroupName": {
"description": "Datarobot group name.",
"type": "string"
},
"idpGroupId": {
"description": "A name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| datarobotGroupId |
string |
true |
|
Datarobot group id. |
| datarobotGroupName |
string |
false |
|
Datarobot group name. |
| idpGroupId |
string |
true |
|
A name of the identity provider group. |
{
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
}
XML document, idp SSO descriptor. provided by idp service.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| fileName |
string |
true |
|
Path to idp metadata file. |
| value |
string |
true |
|
Idp metadata. |
SamlOrganizationMappingResponse
{
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"datarobotOrganizationName": {
"description": "Datarobot organization name.",
"type": "string"
},
"idpOrganizationId": {
"description": "A name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| datarobotOrganizationId |
string |
true |
|
Datarobot organization id. |
| datarobotOrganizationName |
string |
false |
|
Datarobot organization name. |
| idpOrganizationId |
string |
true |
|
A name of the identity provider organization. |
SamlSecurityParameters
{
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
}
The object that contains SAML specific directives.
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| allowUnsolicited |
boolean |
false |
|
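Allow unsolicited SAML responses, i.e. responses from the idp that do not answer an authentication request sent by datarobot (idp-initiated sign-on). |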
| authnRequestsSigned |
boolean |
false |
|
Sign auth requests. |
| logoutRequestsSigned |
boolean |
false |
|
Sign logout requests. |
| wantAssertionsSigned |
boolean |
false |
|
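Require assertions received from the idp to be signed. Judging by the `want` prefix, this is a check on incoming assertions rather than signing done by datarobot. |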
| wantResponseSigned |
boolean |
false |
|
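Require the SAML response received from the idp to be signed. Judging by the `want` prefix, this is a check on the incoming response rather than signing done by datarobot. If neither this nor wantAssertionsSigned is set, nothing in this object requires the idp's reply to carry a signature. |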
UpdateSsoConfiguration
{
"properties": {
"advancedConfiguration": {
"description": "An object containing SSO client advanced parameters.",
"properties": {
"digestAlgorithm": {
"description": "Algorithm for calculating digest.",
"enum": [
"DIGEST_RIPEMD160",
"DIGEST_SHA1",
"DIGEST_SHA224",
"DIGEST_SHA256",
"DIGEST_SHA384",
"DIGEST_SHA512"
],
"type": "string"
},
"samlAttributesMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"samlClientConfiguration": {
"description": "Encryption related parameters.",
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"encryption_keypairs": {
"description": "Indicates which certificates will be used for encryption capabilities.",
"items": {
"properties": {
"cert_file": {
"description": "Path to the pem file with a single certificate.",
"type": "string"
},
"cert_file_value": {
"description": "A single certificate pem file content as a single string. has priority over cert_file.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file. This is secret key material, so keep request bodies that carry it out of logs and version control.",
"type": "string"
}
},
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"id_attr_name": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"id_attr_name_crypto": {
"description": "Attribute is required to be set to 'id' value when OKTA encrypted assertions are used.",
"type": "string"
},
"key_file": {
"description": "Path to the private key pem file.",
"type": "string"
},
"key_file_value": {
"description": "The private key pem file content as a single string. Has priority over key_file. This is secret key material, so keep request bodies that carry it out of logs and version control.",
"type": "string"
}
},
"type": "object"
},
"signatureAlgorithm": {
"description": "Algorithm for calculating signature.",
"enum": [
"SIG_RSA_SHA1",
"SIG_RSA_SHA224",
"SIG_RSA_SHA256",
"SIG_RSA_SHA384",
"SIG_RSA_SHA512"
],
"type": "string"
}
},
"required": [
"samlAttributesMapping",
"samlClientConfiguration"
],
"type": "object"
},
"attributeMapping": {
"description": "Attribute mapping between datarobot and idp.",
"properties": {
"displayName": {
"description": "Display name.",
"type": "string"
},
"email": {
"description": "Email.",
"type": "string"
},
"firstName": {
"description": "First name.",
"type": "string"
},
"group": {
"description": "Group.",
"type": "string"
},
"impersonationUser": {
"description": "Impersonation user.",
"type": "string"
},
"lastName": {
"description": "Last name.",
"type": "string"
},
"organization": {
"description": "Organization.",
"type": "string",
"x-versionadded": "v2.37"
},
"role": {
"description": "Role.",
"type": "string"
},
"username": {
"description": "Username.",
"type": "string"
}
},
"type": "object"
},
"autoGenerateUsers": {
"description": "Determines if datarobot automatically creates an account on first successful login via idp if the user doesn't exist in the datarobot application.",
"type": "boolean"
},
"certificate": {
"description": "Certificate to be used by idp.",
"properties": {
"fileName": {
"description": "Path to certificate file.",
"type": "string"
},
"value": {
"description": "Certificate content.",
"type": "string"
}
},
"required": [
"value"
],
"type": "object"
},
"configurationType": {
"description": "The type of the SSO configuration, defines the source of SSO metadata. it can be one of the following: `metadata` - when idp metadata is provided in the config, `metadata_url` - when an url for metadata retrieval is provided in the config and `manual` - when idp sign-on/sign-out urls and certificate are provided.",
"enum": [
"MANUAL",
"METADATA",
"METADATA_URL"
],
"type": "string"
},
"enableSso": {
"description": "Defines if SSO is enabled.",
"type": "boolean"
},
"enforceSso": {
"description": "Defines if SSO is enforced.",
"type": "boolean"
},
"entityId": {
"description": "The globally unique identifier of the entity. provided by idp service.",
"type": "string"
},
"groupMapping": {
"description": "The list of datarobot group to identity provider group maps.",
"items": {
"properties": {
"datarobotGroupId": {
"description": "Datarobot group id.",
"type": "string"
},
"idpGroupId": {
"description": "Name of the identity provider group.",
"type": "string"
}
},
"required": [
"datarobotGroupId",
"idpGroupId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"idpMetadata": {
"description": "XML document, idp SSO descriptor. provided by idp service.",
"properties": {
"fileName": {
"description": "Path to idp metadata file.",
"type": "string"
},
"value": {
"description": "Idp metadata.",
"type": "string"
}
},
"required": [
"fileName",
"value"
],
"type": "object"
},
"idpMetadataHttpsVerify": {
"description": "When idp_metadata_url uses https, require the server to have a trusted certificate. to avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate.",
"type": "boolean"
},
"idpMetadataUrl": {
"description": "Url to the idp SSO descriptor. provided by idp service.",
"format": "uri",
"type": "string"
},
"idpResponseMethod": {
"description": "Identity provider response method, used to move user from idp's authentication form back to the datarobot side.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
},
"issuer": {
"description": "Optional issuer field that may be required by idp.",
"type": "string"
},
"name": {
"description": "The name of the SSO configuration.",
"type": "string"
},
"organizationId": {
"description": "The organization id to which the SSO config belongs.",
"type": "string"
},
"organizationMapping": {
"description": "The list of datarobot organization to identity provider organization maps.",
"items": {
"properties": {
"datarobotOrganizationId": {
"description": "Datarobot organization id.",
"type": "string"
},
"idpOrganizationId": {
"description": "Name of the identity provider organization.",
"type": "string"
}
},
"required": [
"datarobotOrganizationId",
"idpOrganizationId"
],
"type": "object",
"x-versionadded": "v2.37"
},
"maxItems": 100,
"type": "array",
"x-versionadded": "v2.37"
},
"roleMapping": {
"description": "The list of datarobot access role to identity provider role maps.",
"items": {
"properties": {
"datarobotRoleId": {
"description": "Datarobot access role id.",
"type": "string"
},
"idpRoleId": {
"description": "Name of the identity provider role.",
"type": "string"
}
},
"required": [
"datarobotRoleId",
"idpRoleId"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"securityParameters": {
"description": "The object that contains SAML specific directives.",
"properties": {
"allowUnsolicited": {
"description": "Allow unsolicited.",
"type": "boolean"
},
"authnRequestsSigned": {
"description": "Sign auth requests.",
"type": "boolean"
},
"logoutRequestsSigned": {
"description": "Sign logout requests.",
"type": "boolean"
},
"wantAssertionsSigned": {
"description": "Sign assertions.",
"type": "boolean"
},
"wantResponseSigned": {
"description": "Sign response.",
"type": "boolean"
}
},
"type": "object"
},
"sessionLengthSeconds": {
"description": "Time window for the authentication session via idp.",
"type": "integer"
},
"signOnUrl": {
"description": "Url to sign on via sso.",
"format": "uri",
"type": "string"
},
"signOutUrl": {
"description": "Url to sign out via sso.",
"format": "uri",
"type": "string"
},
"spRequestMethod": {
"description": "Service provider (datarobot application) request method, is used to move user to the idp's authentication form.",
"enum": [
"POST",
"REDIRECT"
],
"type": "string"
}
},
"type": "object"
}
Properties
| Name |
Type |
Required |
Restrictions |
Description |
| advancedConfiguration |
SamlAdvancedConfiguration |
false |
|
An object containing SSO client advanced parameters. |
| attributeMapping |
EnhancedSamlAttributeMapping |
false |
|
Attribute mapping between datarobot and idp. |
| autoGenerateUsers |
boolean |
false |
|
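Determines whether datarobot automatically creates an account on first successful login via idp when the user doesn't exist in the datarobot application. When enabled, any user the idp authenticates for this application can obtain an account, so who is assigned to the application on the idp side decides who gets in. |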
| certificate |
SamlCertificate |
false |
|
Certificate to be used by idp. |
| configurationType |
string |
false |
|
The type of the SSO configuration, which defines the source of SSO metadata. It can be one of the following: METADATA - when idp metadata is provided in the config, METADATA_URL - when a URL for metadata retrieval is provided in the config, and MANUAL - when idp sign-on/sign-out URLs and certificate are provided. |
| enableSso |
boolean |
false |
|
Defines if SSO is enabled. |
| enforceSso |
boolean |
false |
|
Defines if SSO is enforced. |
| entityId |
string |
false |
|
The globally unique identifier of the entity. provided by idp service. |
| groupMapping |
[EnhancedSamlGroupMapping] |
false |
maxItems: 100
|
The list of datarobot group to identity provider group maps. |
| idpMetadata |
SamlMetadataFile |
false |
|
XML document, idp SSO descriptor. provided by idp service. |
| idpMetadataHttpsVerify |
boolean |
false |
|
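When idp_metadata_url uses https, require the server to have a trusted certificate. To avoid security vulnerabilities, only set to false when a trusted server has a self-signed certificate. With verification off, TLS no longer authenticates the source of the fetched metadata, so the idp descriptor that gets loaded cannot be assumed to come from the intended server. |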
| idpMetadataUrl |
string(uri) |
false |
|
Url to the idp SSO descriptor. provided by idp service. |
| idpResponseMethod |
string |
false |
|
Identity provider response method, used to move user from idp's authentication form back to the datarobot side. |
| issuer |
string |
false |
|
Optional issuer field that may be required by idp. |
| name |
string |
false |
|
The name of the SSO configuration. |
| organizationId |
string |
false |
|
The organization id to which the SSO config belongs. |
| organizationMapping |
[EnhancedSamlOrganizationMapping] |
false |
maxItems: 100
|
The list of datarobot organization to identity provider organization maps. |
| roleMapping |
[EnhancedSamlRoleMapping] |
false |
maxItems: 100
|
The list of datarobot access role to identity provider role maps. |
| securityParameters |
SamlSecurityParameters |
false |
|
The object that contains SAML specific directives. |
| sessionLengthSeconds |
integer |
false |
|
Length of the authentication session established via idp, in seconds. |
| signOnUrl |
string(uri) |
false |
|
Url to sign on via sso. |
| signOutUrl |
string(uri) |
false |
|
Url to sign out via sso. |
| spRequestMethod |
string |
false |
|
Service provider (datarobot application) request method, is used to move user to the idp's authentication form. |
Enumerated Values
| Property |
Value |
| configurationType |
[MANUAL, METADATA, METADATA_URL] |
| idpResponseMethod |
[POST, REDIRECT] |
| spRequestMethod |
[POST, REDIRECT] |