Access Management API

(2 reviews)

Identity Management

Changes have been made to the identity management API to support multiple identity providers. Identity provider configurations created before Nov 3, 2021 will no longer support the old APIs, however, existing configurations will continue to have access to both the old and new APIs.

New APIs

The following APIs have been added to support actions scoped to a single identity provider configuration:

  • Create an IdP configuration: POST /accounts/api/organizations/:orgId/identityProviders
  • Get IdP configurations: GET /accounts/api/organizations/:orgId/identityProviders
  • Get an IdP configuration by ID: GET /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
  • Update an IdP configuration: PATCH /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
  • Delete an IdP configuration: DELETE /accounts/api/organizations/:orgId/identityProviders/:identityProviderId
  • Get SAML metadata GET /accounts/api/organizations/:orgId/identityProviders/saml-sp-metadata=<PROVIDER_ID>

The following APIs have been added to support settings affecting all identity provider configurations:

  • Get the settings: GET /accounts/api/organizations/:orgId/identityProviderSettings
  • Update the settings: PATCH /accounts/api/organizations/:orgId/identityProviderSettings

The following APIs have been added to support SSO login and authorization:

  • GET /accounts/api/login/:domain/providers/:idpId
  • GET /accounts/api/login/:domain/providers/:idpId/redirect
  • GET /accounts/api/login/:domain/providers/:idpId/receive-id
  • GET /accounts/api/oauth2/authorize/:domain/providers/:idpId
Modified APIs

The following APIs have modified external group mapping schemas to support multiple identity providers:

  • GET, POST /accounts/api/organizations/:orgId/rolegroups
  • GET, PUT /accounts/api/organizations/:orgId/rolegroups/:roleGroupId
  • PATCH, PUT /accounts/api/organizations/:orgId/teams/:teamId/groupmappings

The following APIs will no longer return the identity_management property. Refer to the new APIs instead.

  • GET /accounts/api/me
  • GET /accounts/api/users/me
  • GET /accounts/api/profile
  • GET /accounts/api/organizations/:orgId
  • GET /accounts/api/v2/organizations/:orgId
  • GET /accounts/api/organizations/:orgId/users
  • GET /accounts/api/organizations/:orgId/users/:userId
Deprecated APIs

The following APIs will no longer be supported for IdPs created after Nov 3, 2021:

  • GET /accounts/api/login/:domain
  • GET /accounts/api/login/:domain/redirect
  • POST /accounts/api/login/receive-id
  • GET, PUT, DELETE /accounts/api/organizations/:orgId/provider/users
  • GET /accounts/api/organizations/:orgId/provider/users/saml-sp-metadata

Reviews