
Return One Connected Identity Provider

The federationSettings resource allows you to return one identity provider for a federated authentication configuration.

Required Roles

You must have the Organization Owner role for at least one connected organization in the federation configuration to call this endpoint.

Resource

GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}

Request Path Parameters

Name Type Description
FEDERATION-SETTINGS-ID string Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
IDP-ID string Unique 20-hexadecimal digit string that identifies the IdP.

Request Query Parameters

The following query parameters are optional:

Name Type Necessity Description Default
pretty boolean Optional Flag indicating whether the response body should be in a prettyprint format. false
envelope boolean Optional Flag that indicates whether or not to wrap the response in an envelope. false

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

Name Description
status HTTP response code
envelope Expected response body

Request Body Parameters

This endpoint doesn’t use HTTP request body parameters.

Response

Name Type Description
acsUrl string Assertion consumer service URL to which the IdP sends the SAML response.
associatedDomains array List that contains the configured domains from which users can log in for this IdP.
associatedOrgs array List that contains the organizations from which users can log in for this IdP.
audienceUri string Identifier for the intended audience of the SAML Assertion.
displayName string Human-readable label that identifies the IdP.
issuerUri string Identifier for the issuer of the SAML Assertion.
oktaIdpId string Unique 20-hexadecimal digit string that identifies the IdP.
pemFileInfo array List that contains the file information, including the start date and expiration date, for the identity provider’s PEM-encoded public key certificate.

Name Type Description
certificates array List that contains the start date and expiration date for the identity provider’s PEM-encoded public key certificate.
fileName string Label that identifies the file containing the identity provider’s PEM-encoded public key certificate.
requestBinding string SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
responseSignatureAlgorithm string Algorithm used to encrypt the IdP signature. Cloud Manager supports the following signature algorithm values:

  • SHA-1
  • SHA-256
ssoDebugEnabled boolean Flag that indicates whether the IdP has SSO debugging enabled.
ssoUrl string URL of the receiver of the SAML AuthNRequest.
status string Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP.

Example Request

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}"

Example Response

{
  "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890",
  "associatedDomains" : [ ],
  "associatedOrgs" : [ ],
  "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890",
  "displayName" : "Test",
  "issuerUri" : "urn:123456789000.us.provider.com",
  "oktaIdpId" : "1234567890abcdefghij",
  "pemFileInfo" : {
    "certificates" : [ {
      "notAfter" : "2035-09-29T15:03:55Z",
      "notBefore" : "2022-01-20T15:03:55Z"
    } ],
    "fileName" : "file.pem"
  },
  "requestBinding" : "HTTP-POST",
  "responseSignatureAlgorithm" : "SHA-256",
  "ssoDebugEnabled" : true,
  "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
  "status" : "INACTIVE"
}
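
Added example (not part of the original documentation and not MongoDB's own code): a Python check that reads the response fields documented above and reports settings worth reviewing, namely SHA-1 response signatures, SSO debugging left enabled, an inactive IdP, non-HTTPS SAML URLs, and certificate validity dates. The audit_idp name, the finding labels and the 30-day warning window are assumptions made for this example.

```python
import json
from datetime import datetime, timedelta, timezone

def _ts(value):
    # Timestamps in the example response look like 2035-09-29T15:03:55Z (UTC).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_idp(idp, now=None, warn_days=30):
    """Return review findings for one identity provider response document."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if idp.get("responseSignatureAlgorithm") == "SHA-1":
        findings.append("weak-signature-algorithm")  # SHA-256 is the other listed value
    if idp.get("ssoDebugEnabled"):
        findings.append("sso-debug-enabled")
    if str(idp.get("status", "")).upper() == "INACTIVE":
        findings.append("idp-not-active")
    for field in ("acsUrl", "ssoUrl"):  # SAML endpoints should use TLS
        if not str(idp.get(field, "")).lower().startswith("https://"):
            findings.append("non-https-" + field)
    # The example response carries pemFileInfo as an object with a certificates list.
    pem = idp.get("pemFileInfo")
    certs = pem.get("certificates", []) if isinstance(pem, dict) else []
    if not certs:
        findings.append("no-certificate-info")
    for cert in certs:
        if now < _ts(cert["notBefore"]):
            findings.append("certificate-not-yet-valid")
        elif now >= _ts(cert["notAfter"]):
            findings.append("certificate-expired")
        elif _ts(cert["notAfter"]) - now <= timedelta(days=warn_days):
            findings.append("certificate-expires-soon")
    return findings

# Constructed sample: the fields of the page's example response that the audit reads.
SAMPLE = json.loads("""{
  "acsUrl": "https://example.mongodb.com/sso/saml2/12345678901234567890",
  "pemFileInfo": {"certificates": [
    {"notAfter": "2035-09-29T15:03:55Z", "notBefore": "2022-01-20T15:03:55Z"}]},
  "responseSignatureAlgorithm": "SHA-256",
  "ssoDebugEnabled": true,
  "ssoUrl": "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
  "status": "INACTIVE"
}""")

if __name__ == "__main__":
    for finding in audit_idp(SAMPLE):
        print(finding)
```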