Return One Connected Identity Provider


The federationSettings resource allows you to return one identity provider for a federated authentication configuration.

Required Roles

You must have the Organization Owner role for at least one connected organization in the federation configuration to call this endpoint.

Resource

GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}

Request Path Parameters

| Name | Type | Description |
|---|---|---|
| FEDERATION-SETTINGS-ID | string | Unique 24-hexadecimal digit string that identifies the federated authentication configuration. |
| IDP-ID | string | Unique 20-hexadecimal digit string that identifies the IdP. |

Request Query Parameters

The following query parameters are optional:

| Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
| pretty | boolean | Optional | | false |
| envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes: status (HTTP response code) and envelope (expected response body). | false |

Request Body Parameters

This endpoint doesn't use HTTP request body parameters.

Response

| Name | Type | Description |
|---|---|---|
| acsUrl | string | Assertion consumer service URL to which the IdP sends the SAML response. |
| associatedDomains | array | List that contains the configured domains from which users can log in for this IdP. |
| associatedOrgs | array | List that contains the organizations from which users can log in for this IdP. |
| audienceUri | string | Identifier for the intended audience of the SAML Assertion. |
| displayName | string | Human-readable label that identifies the IdP. |
| issuerUri | string | Identifier for the issuer of the SAML Assertion. |
| oktaIdpId | string | Unique 20-hexadecimal digit string that identifies the IdP. |
| pemFileInfo | array | List that contains the file information, including the start date and expiration date, for the identity provider's PEM-encoded public key certificate. It contains the following fields: certificates (array): List that contains the start date and expiration date for the identity provider's PEM-encoded public key certificate. fileName (string): Label that identifies the file containing the identity provider's PEM-encoded public key certificate. |
| requestBinding | string | SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values: HTTP POST, HTTP REDIRECT. |
| responseSignatureAlgorithm | string | Hash algorithm used to compute the IdP signature. Cloud Manager supports the following signature algorithm values: SHA-1, SHA-256. |
| ssoDebugEnabled | boolean | Flag that indicates whether the IdP has SSO debugging enabled. |
| ssoUrl | string | URL of the receiver of the SAML AuthNRequest. |
| status | string | Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. |

Example Request

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}"

Example Response

{
  "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890",
  "associatedDomains" : [ ],
  "associatedOrgs" : [ ],
  "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890",
  "displayName" : "Test",
  "issuerUri" : "urn:123456789000.us.provider.com",
  "oktaIdpId" : "1234567890abcdefghij",
  "pemFileInfo" : {
    "certificates" : [ {
      "notAfter" : "2035-09-29T15:03:55Z",
      "notBefore" : "2022-01-20T15:03:55Z"
    } ],
    "fileName" : "file.pem"
  },
  "requestBinding" : "HTTP-POST",
  "responseSignatureAlgorithm" : "SHA-256",
  "ssoDebugEnabled" : true,
  "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
  "status" : "INACTIVE"
}
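
The following Python check is an added example, not part of the MongoDB documentation. It reads the response fields described above and reports settings worth reviewing: a SHA-1 signature algorithm, SSO debugging left on, an inactive IdP, non-HTTPS endpoints, and a signing certificate outside or near the end of its validity window. The names audit_idp and parse_ts, the 30-day warning window and the finding texts are assumptions; the sample input is constructed from the example response on this page, and pemFileInfo is read as an object, as that response shows.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the page's example response, trimmed to the audited fields.
SAMPLE = json.loads("""{
  "acsUrl": "https://example.mongodb.com/sso/saml2/12345678901234567890",
  "ssoUrl": "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
  "pemFileInfo": {"certificates": [
    {"notAfter": "2035-09-29T15:03:55Z", "notBefore": "2022-01-20T15:03:55Z"}],
    "fileName": "file.pem"},
  "responseSignatureAlgorithm": "SHA-256",
  "ssoDebugEnabled": true,
  "status": "INACTIVE"
}""")

def parse_ts(value):
    """Parse the API's UTC timestamps, e.g. 2035-09-29T15:03:55Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_idp(idp, now=None, warn_days=30):
    """Return review findings for one identity provider document (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if idp.get("responseSignatureAlgorithm") == "SHA-1":
        findings.append("responseSignatureAlgorithm is SHA-1; SHA-256 is also supported")
    if idp.get("ssoDebugEnabled"):
        findings.append("ssoDebugEnabled is true; confirm debugging is still needed")
    if str(idp.get("status", "")).upper() == "INACTIVE":
        findings.append("status is INACTIVE; no domain is mapped to this IdP")
    for field in ("acsUrl", "ssoUrl"):
        if not str(idp.get(field, "")).startswith("https://"):
            findings.append(f"{field} is not an https URL")
    # The example response returns pemFileInfo as an object holding a certificates list.
    for cert in idp.get("pemFileInfo", {}).get("certificates", []):
        not_before, not_after = parse_ts(cert["notBefore"]), parse_ts(cert["notAfter"])
        if now < not_before:
            findings.append(f"certificate not valid until {cert['notBefore']}")
        elif now > not_after:
            findings.append(f"certificate expired on {cert['notAfter']}")
        elif not_after - now <= timedelta(days=warn_days):
            findings.append(f"certificate expires within {warn_days} days")
    return findings

if __name__ == "__main__":
    for finding in audit_idp(SAMPLE):
        print("FINDING:", finding)
```

To audit a live configuration, pass the parsed JSON body returned by the GET request above to audit_idp in place of SAMPLE.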