REST API for Identity Federation
Treasure Data uses the same API endpoints for all of our identity providers (IdPs). Set the values in your payload body to match your IdP, including the identity provider name, the sign-in and sign-out endpoints, and the IdP certificate.
This reference contains APIs for various operations, including getting, creating, editing, and deleting configurations for SSO and user settings.
V3 SSO Settings
GET /v3/account/sso_setting
Get SSO settings.
HTTP Verb | Resource | Description |
---|---|---|
GET | /v3/account/sso_setting | Gets the account's SSO configuration settings. |

Parameter Name | Required | Type | Description |
---|---|---|---|
sso_setting | Yes | object | An SSO setting |
Sample Request
```bash
curl --request GET \
  --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>'
```
Sample Response Status: 200 OK
```json
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```
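An added example, not part of Treasure Data's documentation or tooling: a drift check that compares the GET response above with a pinned baseline, so that a changed IdP certificate or sign-in host is noticed after any POST, PUT or DELETE. The baseline structure, the function names and the sample data are assumptions made for this example, and the fingerprint is computed over placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import json
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem):
    """SHA-256 of the bytes inside the PEM armour; tolerates spaces or CRLF."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def audit_sso_setting(response_body, baseline):
    """Return findings where a GET /v3/account/sso_setting body departs from baseline."""
    setting = json.loads(response_body)["sso_setting"]
    findings = []
    if cert_fingerprint(setting["cert"]) != baseline["cert_sha256"]:
        findings.append("cert fingerprint differs from baseline")
    for key in ("sign_in_endpoint", "sign_out_endpoint"):
        url = setting.get(key)
        if url is None:  # the page's request samples send a null sign_out_endpoint
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key} is not an https URL")
        elif parts.hostname not in baseline["idp_hosts"]:
            findings.append(f"{key} host {parts.hostname} is not in baseline")
    for key in ("identity_provider_name", "strategy"):
        if setting.get(key) != baseline[key]:
            findings.append(f"{key} is {setting.get(key)!r}, expected {baseline[key]!r}")
    return findings

# Constructed sample data: placeholder bytes stand in for a real DER certificate.
FAKE_DER = b"constructed-placeholder-der-bytes"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE----- {base64.b64encode(FAKE_DER).decode()} -----END CERTIFICATE-----"
BASELINE = {"cert_sha256": hashlib.sha256(FAKE_DER).hexdigest(), "strategy": "samlp",
            "idp_hosts": {"login.example.com"}, "identity_provider_name": "AzureAD"}
SAMPLE_BODY = json.dumps({"sso_setting": {
    "cert": SAMPLE_PEM, "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp", "updated_at": "2020-12-31T11:22:33.000Z"}})

if __name__ == "__main__":
    print(audit_sso_setting(SAMPLE_BODY, BASELINE) or "no drift from baseline")
```

Store the baseline fingerprint and host list outside the account being audited, so a change to the SSO setting cannot also rewrite what it is compared against.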
POST /v3/account/sso_setting
Creates a new SSO setting.
HTTP Verb | Resource | Description |
---|---|---|
POST | /v3/account/sso_setting | Allows admin to create and configure IdP for an account. |

Parameter Name | Required | Type | Description |
---|---|---|---|
sso_setting | Yes | object | An SSO setting |
Sample Request
```bash
curl --request POST \
  --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
      "sign_out_endpoint": null,
      "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
  }'
```
Sample Response Status: 200 OK
```json
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```
PUT /v3/account/sso_setting
Updates an IdP account setting.
HTTP Verb | Resource | Description |
---|---|---|
PUT | /v3/account/sso_setting | Allows admin to make updates to an IdP account setting. |

Parameter Name | Required | Type | Description |
---|---|---|---|
sso_setting | Yes | object | An SSO setting |
Sample Request
```bash
curl --request PUT \
  --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
      "sign_out_endpoint": null,
      "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
  }'
```
Sample Response Status: 200 OK
```json
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```
DELETE /v3/account/sso_setting
Delete an IdP account setting.
HTTP Verb | Resource | Description |
---|---|---|
DELETE | /v3/account/sso_setting | Allows admin to delete an IdP account setting. |

Parameter Name | Required | Type | Description |
---|---|---|---|
sso_setting | Yes | object | An SSO setting |
Sample Request
```bash
curl --request DELETE \
  --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>'
```
V3 User Settings
POST /v3/user/create_with_sso/:user_first_name
Create a user with SSO.
HTTP Verb | Resource | Description |
---|---|---|
POST | /v3/user/create_with_sso/:user_first_name | Allows the admin to create a user with SSO. |

Parameter Name | Required | Type | Description |
---|---|---|---|
user_first_name | Yes | string | First name of user |
email | Yes | string | Email user uses to log in |
identifier | Yes | string | SSO identifier from IdP |
Sample Request
```bash
curl --request POST \
  --location 'https://api.treasuredata.com/v3/user/create_with_sso/:user_first_name' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "user_first_name": "user_first_name",
      "email": "email@abc.com",
      "identifier": "12345678"
    }
  }'
```
Sample Response Status: 200 OK
```json
{
  "first_name": "Jake",
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```
POST /v3/user/enforce_sso/:user_email
Enforces SSO.
HTTP Verb | Resource | Description |
---|---|---|
POST | /v3/user/enforce_sso/:user_email | Allows admin to make it mandatory for a user to log in with SSO. |

Parameter Name | Required | Type | Description |
---|---|---|---|
user_email | Yes | string | Email of the user |
identifier | Yes | string | SSO identifier from IdP |
Sample Request
```bash
curl --request POST \
  --location 'https://api.treasuredata.com/v3/user/enforce_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email",
      "identifier": "12345678"
    }
  }'
```
Sample Response Status: 200 OK
```json
{
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```
POST /v3/user/enable_sso/:user_email
Enables SSO for a user.
HTTP Verb | Resource | Description |
---|---|---|
POST | /v3/user/enable_sso/:user_email | Allows admin to permit a user to log in with SSO. |

Parameter Name | Required | Type | Description |
---|---|---|---|
user_email | Yes | string | Email of the user |
identifier | Yes | string | SSO identifier from IdP |
Sample Request
```bash
curl --request POST \
  --location 'https://api.treasuredata.com/v3/user/enable_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email",
      "identifier": "12345678"
    }
  }'
```
Sample Response Status: 200 OK
```json
{
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```
POST /v3/user/disable_sso/:user_email
Disables SSO for a user.
HTTP Verb | Resource | Description |
---|---|---|
POST | /v3/user/disable_sso/:user_email | Allows admin to prohibit a user from logging in with SSO. |

Parameter Name | Required | Type | Description |
---|---|---|---|
user_email | Yes | string | Email of the user |
Sample Request
```bash
curl --request POST \
  --location 'https://api.treasuredata.com/v3/user/disable_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <td_api_token>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email"
    }
  }'
```