createOrgSso

POST https://{{host}}/api/v1/orgs/:org_id/ssos

Body Parameters

Name	Type	Description
`name`	`string`	name
`issuer`	`string`	IDP issuer URL
`idp_cert`	`string`	IDP Cert (used to verify the signed response)
`idp_sso_url`	`string`	IDP Single-Sign-On URL
`idp_sign_algo`	`string`	signing algorithm for SAML Assertion
`nameid_format`	`string`	email (default) / unspecified
`ignore_unmatched_roles`	`boolean`	ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
`default_role`	`string`	default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
`role_attr_from`	`string`	optional, name of the attribute in SAML Assertion to extract role from (defaults to `Role`)
`role_attr_extraction`	`string`	optional, user defined role parsing scheme. See Supported Role Parsing Schemes
`custom_logout_url`	`string`	optional, a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)

Supported Role Parsing Schemes

Name	Scheme
cn	The expected role attribute format in SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…” CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored) E.g. if role attribute is “CN=cn,OU=ou1,OU=ou2” then parsed role value is “cn”

Request Body

{"name"=>"onelogin", "idp_type"=>"saml", "issuer"=>"https://app.onelogin.com/saml/metadata/138130", "idp_cert"=>"-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----", "idp_sign_algo"=>"sha256", "idp_sso_url"=>"https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130", "nameid_format"=>"email", "custom_logout_url"=>"https://6.4.5.7/saml/idp/SingleLogoutService.php?param1=value1", "ldap_type"=>"azure", "ldap_server_hosts"=>["hostname", "63.1.3.5"], "ldap_base_dn"=>"DC=abc,DC=com", "ldap_bind_dn"=>"CN=nas,CN=users,DC=abc,DC=com", "ldap_bind_password"=>"credential_for_nas", "ldap_cacerts"=>["-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\nBhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn-----END CERTIFICATE-----"], "ldap_client_cert"=>"-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----", "ldap_client_key"=>"-----BEGIN PRI...", "ldap_resolve_groups"=>false, "oauth_type"=>"azure", "oauth_tenant_id"=>"1e6ae660-b7d3-4a6c-9efd-1fa606fc7304", "oauth_cc_client_id"=>"e60da615-7def-4c5a-8196-43675f45e174", "oauth_cc_client_secret"=>"akL8Q~5kWFMVFYl4TFZ3fi~7cMdyDONi6cj01cpH", "oauth_ropc_client_id"=>"9ce04c97-b5b1-4ec8-af17-f5ed42d2daf7", "oauth_ropc_client_secret"=>"blM9R~6kWFMVFYl4TFZ3fi~8cMdyDONi6cj01dqI", "scim_enabled"=>false, "scim_secret_token"=>"secret token", "mxedge_proxy"=>{"mxcluster_id"=>"572586b7-f97b-a22b-526c-8b97a3f609c4", "proxy_hosts"=>["mxedge1.corp.com", "63.1.3.5"], "ssids"=>["eduroam_test, eduroam_main"], "operator_name"=>"1dartmouth.edu", "auth_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}, {"host"=>"radius.internal", "port"=>1812, "secret"=>"testing123"}], "acct_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}]}, "ignore_unmatched_roles"=>false, "default_role"=>nil}

HEADERS

Key	Datatype	Required	Description
`Accept`	string
`X-CSRFToken`	string
`Content-Type`	string