Return All Connected Identity Providers
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
The federationSettings resource allows you to return all identity providers for a federated authentication configuration.
Required Roles
You must have the Organization Owner role for at least one connected organization in the federation configuration to call this endpoint.
Resource
GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/
Request Path Parameters
Name | Type | Description |
---|---|---|
FEDERATION-SETTINGS-ID | string | Unique 24-hexadecimal digit string that identifies the federated authentication configuration. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default |
---|---|---|---|---|
pageNum | number | Optional | One-based integer that returns a subsection of results. | 1 |
itemsPerPage | number | Optional | Number of items to return per page, up to a maximum of 500. | 100 |
pretty | boolean | Optional | Flag that indicates whether the response body should be in a prettyprint format. | false |
envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set For endpoints that return a list of results, the | false |
protocol | string | Optional | The protocol(s) of the target IdPs. Possible values are: If this is not specified, this endpoint only returns | SAML |
Request Body Parameters
This endpoint doesn't use HTTP request body parameters.
Response
Response Document
The response JSON document includes an array of result objects, an array of link objects and a count of the total number of result objects retrieved.
Name | Type | Description |
---|---|---|
results | array | Array includes one object for each item detailed in the results Embedded Document section. |
links | array | Array includes one or more links to sub-resources and/or related resources. The relations between URLs are explained in the Web Linking Specification. |
totalCount | number | Integer count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. |
results Embedded Document
Each document in the results array contains the federated authentication configuration for each connected organization.
Name | Type | Description |
---|---|---|
acsUrl | string | Assertion consumer service URL to which the IdP sends the SAML response. |
associatedDomains | array | List that contains the configured domains from which users can log in for this IdP. |
associatedOrgs | array | List that contains the organizations from which users can log in for this IdP. |
audienceUri | string | Identifier for the intended audience of the SAML Assertion. |
displayName | string | Human-readable label that identifies the IdP. |
issuerUri | string | Identifier for the issuer of the SAML Assertion. |
oktaIdpId | string | Unique 20-hexadecimal digit string that identifies the IdP. |
pemFileInfo | array | List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate. |
requestBinding | string | SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values: |
responseSignatureAlgorithm | string | Algorithm used to encrypt the IdP signature. Cloud Manager supports the following signature algorithm values: |
ssoDebugEnabled | boolean | Flag that indicates whether the IdP has SSO debugging enabled. |
ssoUrl | string | URL of the receiver of the SAML AuthNRequest. |
status | string | Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. |
Example SAML Request
```sh
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders"
```
Example SAML Response
```json
{
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?pretty=true&pageNum=1&itemsPerPage=100",
    "rel": "self"
  } ],
  "results": [ {
    "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890",
    "associatedDomains" : [ ],
    "associatedOrgs" : [ ],
    "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890",
    "displayName" : "Test",
    "issuerUri" : "urn:123456789000.us.provider.com",
    "oktaIdpId" : "1234567890abcdefghij",
    "pemFileInfo" : {
      "certificates" : [ {
        "notAfter" : "2035-09-29T15:03:55Z",
        "notBefore" : "2022-01-20T15:03:55Z"
      } ],
      "fileName" : "file.pem"
    },
    "requestBinding" : "HTTP-POST",
    "responseSignatureAlgorithm" : "SHA-256",
    "ssoDebugEnabled" : true,
    "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
    "status" : "INACTIVE"
  } ],
  "totalCount": 1
}
```
Example OIDC Request
```sh
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?protocol=OIDC"
```
Example OIDC Response
```json
{
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?pretty=true&pageNum=1&itemsPerPage=100",
    "rel": "self"
  } ],
  "results": [ {
    "associatedDomains": [],
    "associatedOrgs": [],
    "audienceClaim": [ "audience" ],
    "clientId": "clientId",
    "description": "OIDC IdP response example",
    "displayName": "OIDC IdP",
    "groupsClaim": "groups",
    "id": "32b6e34b3d91647abb20e7b8",
    "issuerUri": "issuer.com",
    "oktaIdpId": null,
    "protocol": "OIDC",
    "requestedScopes": [ "scopes" ],
    "userClaim": "sub"
  } ],
  "totalCount": 1
}
```
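A response from this endpoint can be checked for settings worth a configuration review: SSO debugging left enabled, a signature algorithm other than SHA-256, an IdP certificate near expiry, and a paginated result set that was only partly fetched. The following is an added example, not part of the Cloud Manager documentation; the function names, the 30-day threshold and the sample document (including its "Legacy" IdP and "SHA-1" value) are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the documented response (not real data).
SAMPLE = json.loads("""
{"links": [], "totalCount": 3, "results": [
  {"displayName": "Legacy", "status": "ACTIVE", "ssoDebugEnabled": true,
   "responseSignatureAlgorithm": "SHA-1", "associatedDomains": ["example.com"],
   "pemFileInfo": {"fileName": "old.pem", "certificates": [
     {"notBefore": "2022-01-20T15:03:55Z", "notAfter": "2024-02-01T00:00:00Z"}]}},
  {"displayName": "OIDC IdP", "protocol": "OIDC", "associatedDomains": [],
   "issuerUri": "issuer.com", "oktaIdpId": null}
]}
""")

def parse_ts(value):
    # Timestamps in the example response are ISO 8601 with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_idps(doc, now, warn_days=30):
    """Return (displayName, finding) tuples for settings worth a review."""
    findings = []
    results = doc.get("results", [])
    for idp in results:
        name = idp.get("displayName", "<unnamed>")
        if idp.get("ssoDebugEnabled"):
            findings.append((name, "ssoDebugEnabled is true"))
        alg = idp.get("responseSignatureAlgorithm")
        if alg is not None and alg != "SHA-256":
            findings.append((name, f"responseSignatureAlgorithm is {alg}"))
        # pemFileInfo follows the example response: an object with "certificates".
        for cert in (idp.get("pemFileInfo") or {}).get("certificates", []):
            left = parse_ts(cert["notAfter"]) - now
            if left < timedelta(0):
                findings.append((name, "certificate expired"))
            elif left < timedelta(days=warn_days):
                findings.append((name, f"certificate expires in {left.days} days"))
    # totalCount can exceed len(results) when the result set is paginated.
    if doc.get("totalCount", 0) > len(results):
        findings.append(("<response>", "more pages remain; request the next pageNum"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_idps(SAMPLE, datetime(2024, 1, 15, tzinfo=timezone.utc)):
        print(f"{name}: {finding}")
```

OIDC entries carry none of the SAML-only fields, so the checks skip them rather than failing on missing keys.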