Access Management API
Identity Management
Changes have been made to the identity management API to support multiple identity providers. Identity provider configurations created before Nov 3, 2021 will no longer support the old APIs, however, existing configurations will continue to have access to both the old and new APIs.
New APIs
The following APIs have been added to support actions scoped to a single identity provider configuration:
- Create an IdP configuration:
POST /accounts/api/organizations/:orgId/identityProviders
- Get IdP configurations:
GET /accounts/api/organizations/:orgId/identityProviders
- Get an IdP configuration by ID:
GET /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
- Update an IdP configuration:
PATCH /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
- Delete an IdP configuration:
DELETE /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
- Get SAML metadata
GET /accounts/api/organizations/:orgId/identityProviders/saml-sp-metadata=<PROVIDER_ID>
The following APIs have been added to support settings affecting all identity provider configurations:
- Get the settings:
GET /accounts/api/organizations/:orgId/identityProviderSettings
- Update the settings:
PATCH /accounts/api/organizations/:orgId/identityProviderSettings
The following APIs have been added to support SSO login and authorization:
GET /accounts/api/login/:domain/providers/:idpId
GET /accounts/api/login/:domain/providers/:idpId/redirect
GET /accounts/api/login/:domain/providers/:idpId/receive-id
GET /accounts/api/oauth2/authorize/:domain/providers/:idpId
Modified APIs
The following APIs have modified external group mapping schemas to support multiple identity providers:
GET, POST /accounts/api/organizations/:orgId/rolegroups
GET, PUT /accounts/api/organizations/:orgId/rolegroups/:roleGroupId
PATCH, PUT /accounts/api/organizations/:orgId/teams/:teamId/groupmappings
The following APIs will no longer return the identity_management
property. Refer to the new APIs instead.
GET /accounts/api/me
GET /accounts/api/users/me
GET /accounts/api/profile
GET /accounts/api/organizations/:orgId
GET /accounts/api/v2/organizations/:orgId
GET /accounts/api/organizations/:orgId/users
GET /accounts/api/organizations/:orgId/users/:userId
Deprecated APIs
The following APIs will no longer be supported for IdPs created after Nov 3, 2021:
GET /accounts/api/login/:domain
GET /accounts/api/login/:domain/redirect
POST /accounts/api/login/receive-id
GET, PUT, DELETE /accounts/api/organizations/:orgId/provider/users
GET /accounts/api/organizations/:orgId/provider/users/saml-sp-metadata