Skip to main content

Access Control (REST) API - SAML Identity Providers

This section includes REST APIs for working with Access Control SAML Identity Provider tasks.

Get All SAML Identity Providers - GET /SamlIdentityProviders (v2.0 and up)

Get details of all SAML identity providers.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. GET /SamlIdentityProviders and get details of all SAML identity providers

  2. PUT /SamlIdentityProviders/{id} and update SAML Identity Provider details

URL

/cxrestapi/auth/SamlIdentityProviders

Method:

GET

Media Type (header):

Authorization: Bearer <access token value>

Accept: application/json;v=1.0

Parameters

None

Success Response:

Code: 200 Success

Error Response:

Code: 401 Unauthorized

Code: 403 Forbidden

Sample Response:

[
  {
    "id": 0,
    "certificateFileName": "string",
    "certificateSubject": "string",
    "active": true,
    "name": "string",
    "issuer": "string",
    "loginUrl": "string",
    "logoutUrl": "string",
    "errorUrl": "string",
    "signAuthnRequest": true,
    "authnRequestBinding": "string",
    "isManualManagement": true,
    "defaultTeamId": 0,
    "defaultRoleId": 0
  }
]

Notes:

Retrieves details of all SAML identity providers. Default Team Id (defaultTeamId) is used in the Teams API and Default Role Id (defaultRoleId) is used in the Roles API. If the request fails, it returns an error response.

Create New SAML Identity Provider - POST /SamlIdentityProviders (v2.0 and up)

Create a new SAML identity provider.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. POST /SamlIdentityProviders and create a new SAML identity provider

  2. GET /SamlIdentityProviders and get details of all SAML identity providers, or

  3. GET /SamlIdentityProviders/{id} and get details of a specified SAML identity provider

URL

/cxrestapi/auth/SamlIdentityProviders

Method:

POST

Media Type (header):

Authorization: Bearer <access token value>

Content-Type: application/json;v=1.0

Parameters

Content-type [multipart/form-data]: Specifies the SAML Identity Provider details

CertificateFile=[file] – Certificate file used to verify the SAML assertion

Active=[Boolean] – Whether the SAML identity provider is active (true/false)

Name=[string] - SAML identity provider display name

Issuer=[string] - Issuer of the SAML assertion

LoginUrl=[string] - SAML identity provider single sign-on URL

LogoutUrl=[string] - Redirects URL when logging-out

ErrorUrl=[string] - Redirects URL on error

SignAuthnRequest=[Boolean] – Whether the service provider should sign authentication requests to this identity provider (true/false)

AuthnRequestBinding=[string] – Authentication request binding (HTTP-Redirect or HTTP-Post)

IsManualManagement=[Boolean] – Whether role and group management is done manually (default) or controlled via the SAML assertion (not manual)

DefaultTeamId=[integer] - Default team Id

DefaultRoleId=[ineger] - Default role Id

Success Response:

Code: 201 Success

Error Response:

Code: 400 Bad Request

Code: 401 Unauthorized

Code: 403 Forbidden

Sample Response:

no content

Notes:

Returns the location of the created SAML identity provider in the response header. If the request fails, it returns an error response.

Get SAML Identity Provider by Id - GET /SamlIdentityProviders/{id} (v2.0 and up)

Get details of a specified SAML identity provider.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. POST /SamlIdentityProviders and create a new SAML identity provider

  2. GET /SamlIdentityProviders/{id} and get details of a specified SAML identity provider, or GET /SamlIdentityProviders and get details of all SAML identity providers

URL

/cxrestapi/auth/SamlIdentityProviders/{id}

Method:

GET

Media Type (header):

Authorization: Bearer <access token value>

Accept: application/json;v=1.0

Parameters

id=[integer] - SAML identity provider Id

Success Response:

Code: 201 Success

Error Response:

Code: 400 Bad Request

Code: 401 Unauthorized

Code: 403 Forbidden

Code: 404 Not Found

Sample Response:

{
  "id": 0,
  "certificateFileName": "string",
  "certificateSubject": "string",
  "active": true,
  "name": "string",
  "issuer": "string",
  "loginUrl": "string",
  "logoutUrl": "string",
  "errorUrl": "string",
  "signAuthnRequest": true,
  "authnRequestBinding": "string",
  "isManualManagement": true,
  "defaultTeamId": 0,
  "defaultRoleId": 0
}

Notes:

Retrieves SAML identity provider details according to the SAML identity provider Id. If the request fails, it returns an error response.

Update a SAML Identity Provider - PUT /SamlIdentityProviders/{id} (v2.0 and up)

Update an existing SAML identity provider’s details according to SAML Identity Provider Id.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. GET /SamlIdentityProviders and get details of all SAML identity providers

  2. PUT /SamlIdentityProviders/{id} and update the SAML identity provider’s details

URL

/cxrestapi/auth/SamlIdentityProviders/{id}

Method:

PUT

Media Type (header):

Authorization: Bearer <access token value>

Content-Type: application/json;v=1.0

Parameters

id=[integer] - SAML identity provider Id

Content-type [multipart/form-data]: Specifies the SAML Identity Provider details

CertificateFile=[file] – Certificate file used to verify the SAML assertion

Active=[Boolean] - SAML identity provider state

Name=[string] - SAML identity provider display name

Issuer=[string] - Issuer of the SAML assertion

LoginUrl=[string] - SAML identity provider single sign-on URL

LogoutUrl=[string] - Redirect URL when logging-out

ErrorUrl=[string] - Redirect URL on error

SignAuthnRequest=[Boolean] – Whether the service provider should sign authentication requests to this identity provider (true/false)

AuthnRequestBinding=[string] – Authentication request binding (HTTP-Redirect or HTTP-Post)

IsManualManagement=[Boolean] – Whether role and group management is done manually (default) or controlled via the SAML assertion (not manual)

DefaultTeamId=[integer] - Default team Id

DefaultRoleId=[ineger] - Default role Id

Success Response:

Code: 204 Success

Error Response:

Code: 400 Bad Request

Code: 401 Unauthorized

Code: 403 Forbidden

Code: 404 Not Found

Sample Response:

no content

Notes:

Updates the SAML identity provider details according to SAML identity provider Id. Once the request is successful, it does not return any content. If the request fails, it returns an error response.

Delete a SAML Identity Provider - DELETE /SamlIdentityProviders/{id} (v2.0 and up)

Delete a specific SAML identity provider with all related details according to SAML Identity Providers Id. Note that this action permanently deletes all related users.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. GET /SamlIdentityProviders and get details of all SAML identity providers

  2. DELETE /SamlIdentityProviders/{id} and delete the SAML identity provider’s details

URL

/cxrestapi/auth/SamlIdentityProviders/{id}

Method:

DELETE

Media Type (header):

Authorization: Bearer <access token value>

Content-Type: application/json;v=1.0

Parameters

id=[integer] - SAML identity provider Id

Success Response:

Code: 204 Success

Error Response:

Code: 400 Bad Request

Code: 401 Unauthorized

Code: 403 Forbidden

Code: 404 Not Found

Sample Response:

no content

Notes:

Deletes the SAML identity provider details according to SAML identity provider Id. Once the request is successful, it does not return any content. If the request fails, it returns an error response.