Return One Connected Identity Provider
On this page
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
The federationSettings resource allows you to return one
identity provider for a federated authentication
configuration.
Required Roles
You must have the Organization Owner role for at least one
connected organization in the federation configuration to call this
endpoint.
Resource
GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}
Request Path Parameters
Name | Type | Description |
|---|---|---|
FEDERATION-SETTINGS-ID | string | Unique 24-hexadecimal digit string that identifies the federated
authentication configuration. |
IDP-ID | string | Unique 20-hexadecimal digit string that identifies the IdP. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters
This endpoint doesn't use HTTP request body parameters.
Response
Name | Type | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
acsUrl | string | Assertion consumer service URL to which the IdP sends the SAML response. | |||||||||
associatedDomains | array | List that contains the configured domains from which users can log in for
this IdP. | |||||||||
associatedOrgs | array | List that contains the organizations from which users can log in for this
IdP. | |||||||||
audienceUri | string | Identifier for the intended audience of the SAML Assertion. | |||||||||
displayName | string | Human-readable label that identifies the IdP. | |||||||||
issuerUri | string | Identifier for the issuer of the SAML Assertion. | |||||||||
oktaIdpId | string | Unique 20-hexadecimal digit string that identifies the IdP. | |||||||||
pemFileInfo | array | List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate.
| |||||||||
requestBinding | string | SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values:
| |||||||||
responseSignatureAlgorithm | string | Algorithm used to encrypt the IdP signature. Cloud Manager supports the following signature algorithm values:
| |||||||||
ssoDebugEnabled | boolean | Flag that indicates whether the IdP has SSO debugging enabled. | |||||||||
ssoUrl | string | URL of the receiver of the SAML AuthNRequest. | |||||||||
status | string | Label that indicates whether the identity provider is active. The IdP is
Inactive until you map at least one domain to the
IdP. |
Example Request
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --include \ --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}"
Example Response
{ "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890", "associatedDomains" : [ ], "associatedOrgs" : [ ], "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890", "displayName" : "Test", "issuerUri" : "urn:123456789000.us.provider.com", "oktaIdpId" : "1234567890abcdefghij", "pemFileInfo" : { "certificates" : [ { "notAfter" : "2035-09-29T15:03:55Z", "notBefore" : "2022-01-20T15:03:55Z" } ], "fileName" : "file.pem" }, "requestBinding" : "HTTP-POST", "responseSignatureAlgorithm" : "SHA-256", "ssoDebugEnabled" : true, "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012", "status" : "INACTIVE" }