Update One Organization Configuration in One Federation
Updates one connected organization configuration from the specified federation. To use this resource, the requesting Service Account or API Key must have the Organization Owner role.
Note If the organization configuration has no associated identity provider, you can't use this resource to update role mappings or post authorization role grants.
Note: The domainRestrictionEnabled field defaults to false if not provided in the request.
Note: If the identityProviderId field is not provided, you will disconnect the organization and the identity provider.
Note: Currently connected data access identity providers missing from the dataAccessIdentityProviderIds field will be disconnected.
Path parameters
-
Unique 24-hexadecimal digit string that identifies your federation.
Format should match the following pattern:
^([a-f0-9]{24})$
. -
Unique 24-hexadecimal digit string that identifies the connected organization configuration to update.
Format should match the following pattern:
^([a-f0-9]{24})$
.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelope
JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false
.
Body
Required
The connected organization configuration that you want to update.
-
The collection of unique ids representing the identity providers that can be used for data access in this organization.
-
Approved domains that restrict users who can join the organization based on their email address.
-
Value that indicates whether domain restriction is enabled for this connected org.
-
Legacy 20-hexadecimal digit string that identifies the UI access identity provider that this connected org config is associated with. This id can be found within the Federation Management Console > Identity Providers tab by clicking the info icon in the IdP ID row of a configured identity provider.
Format should match the following pattern:
^([a-f0-9]{20})$
. -
Atlas roles that are granted to a user in this organization after authenticating. Roles are a human-readable label that identifies the collection of privileges that MongoDB Cloud grants a specific MongoDB Cloud user. These roles can only be organization specific roles.
Values are
ORG_OWNER
,ORG_MEMBER
,ORG_GROUP_CREATOR
,ORG_BILLING_ADMIN
,ORG_BILLING_READ_ONLY
,ORG_STREAM_PROCESSING_ADMIN
, orORG_READ_ONLY
. -
Role mappings that are configured in this organization.
Mapping settings that link one IdP and MongoDB Cloud.
-
List that contains the users who have an email address that doesn't match any domain on the allowed list.
MongoDB Cloud user linked to this federated authentication.
atlas api federatedAuthentication updateConnectedOrgConfig --help
import (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20241113001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.UpdateFederationSettingConnectedOrgConfigApiParams{}
sdkResp, httpResp, err := client.FederatedAuthenticationApi.
UpdateFederationSettingConnectedOrgConfigWithParams(ctx, params).
Execute()
}
curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2024-11-13+json" \
--header "Content-Type: application/json" \
-X PATCH "https://cloud.mongodb.com/api/atlas/v2/federationSettings/{federationSettingsId}/connectedOrgConfigs/{orgId}" \
-d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest --include \
--header "Accept: application/vnd.atlas.2024-11-13+json" \
--header "Content-Type: application/json" \
-X PATCH "https://cloud.mongodb.com/api/atlas/v2/federationSettings/{federationSettingsId}/connectedOrgConfigs/{orgId}" \
-d '{ <Payload> }'
{
"dataAccessIdentityProviderIds": [
"string"
],
"domainAllowList": [
"string"
],
"domainRestrictionEnabled": true,
"identityProviderId": "string",
"postAuthRoleGrants": [
"ORG_OWNER"
],
"roleMappings": [
{
"externalGroupName": "string",
"roleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"orgId": "32b6e34b3d91647abb20e7b8",
"role": "ORG_OWNER"
}
]
}
],
"userConflicts": [
{
"emailAddress": "hello@example.com",
"federationSettingsId": "32b6e34b3d91647abb20e7b8",
"firstName": "string",
"lastName": "string"
}
]
}
{
"dataAccessIdentityProviderIds": [
"string"
],
"domainAllowList": [
"string"
],
"domainRestrictionEnabled": true,
"identityProviderId": "string",
"orgId": "32b6e34b3d91647abb20e7b8",
"postAuthRoleGrants": [
"ORG_OWNER"
],
"roleMappings": [
{
"externalGroupName": "string",
"id": "32b6e34b3d91647abb20e7b8",
"roleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"orgId": "32b6e34b3d91647abb20e7b8",
"role": "ORG_OWNER"
}
]
}
],
"userConflicts": [
{
"emailAddress": "hello@example.com",
"federationSettingsId": "32b6e34b3d91647abb20e7b8",
"firstName": "string",
"lastName": "string",
"userId": "32b6e34b3d91647abb20e7b8"
}
]
}
{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}
{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}
{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}
{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}