Step 2: Create a SAML application

POST {{apiPath}}/environments/{{envID}}/applications

This example shows the POST /environments/{{envID}}/applications operation to create a new SAML application. This app configuration represents (to PingOne) the real application that users will query to sign on.

In this request:

  • {{envID}} represents the environment ID for your environment.

  • These properties are required in the request body:

    • enabled. The current enabled state of the application.
    • name. The name of the application.
    • type. The application type. In this workflow, the type is WEB_APP.
    • protocol. The protocol used by the application. In this workflow, the protocol is SAML.
    • assertionDuration. The assertion validity duration in seconds.
    • acsUrls. Assertion Consumer Service URLs. The first URL in the list is used as default. There must be at least one URL.
    • sloResponseEndpoint. The endpoint URL to submit the logout response. If a value is not provided, the sloEndpoint property value is used to submit the SLO response.
    • spEntityId. The service provider entity ID used to lookup the application. This is a required property and is unique within the environment.
    • nameIdFormat. The format of the Subject NameID attribute in the SAML assertion.
    • accessControl. The access control configuration for sign-on.

Note: The accessControl.group.groups property specifies the group that controls access to the application. Later in this workflow, you'll define the group itself, and you'll create a user filter that adds users to the group automatically if they have a specific type property value.

  • The response returns a Status: 201 created message and shows the new application's configuration data.


Request Body

{
  "name": "SAMLapp_{{$timestamp}}",
  "description": "this is my SAML application",
  "enabled": true,
  "type": "WEB_APP",
  "protocol": "SAML",
  "assertionDuration": 60,
  "acsUrls": ["https://example.com"],
  "sloResponseEndpoint": "https://example.com",
  "sloEndpoint": "https://example.com",
  "spEntityId": "samltest{{$timestamp}}",
  "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "accessControl": {
    "group": {
      "type": "ANY_GROUP",
      "groups": [{"id": "{{samlGroupID}}"}]
    }
  }
}

HEADERS

Key             Datatype    Required    Description
Authorization   string
Content-Type    string
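
A pre-flight check for the request body above, as an added example that is not part of the PingOne documentation: it verifies the properties this step lists as required, the acsUrls and SLO fallback rules, the access control group, and flags {{variables}} that were never substituted. The https requirement and the 300-second ceiling are local-policy assumptions, and check_saml_app, is_https and SAMPLE are names made up for this example.

```python
import json
import re
from urllib.parse import urlparse

# Required per this step; sloResponseEndpoint is checked separately (sloEndpoint fallback).
REQUIRED = ("enabled", "name", "type", "protocol", "assertionDuration",
            "acsUrls", "spEntityId", "nameIdFormat", "accessControl")
MAX_ASSERTION_SECONDS = 300  # assumption: local policy ceiling, not a PingOne limit


def is_https(url):
    parts = urlparse(url) if isinstance(url, str) else None
    return bool(parts and parts.scheme == "https" and parts.netloc)


def check_saml_app(body):
    """Return a list of findings; an empty list means every check passed."""
    out = [f"missing required property: {k}" for k in REQUIRED if k not in body]
    acs = body.get("acsUrls")
    if not isinstance(acs, list) or not acs:
        out.append("acsUrls needs at least one URL (the first is the default)")
        acs = []
    slo = body.get("sloResponseEndpoint") or body.get("sloEndpoint")
    if not slo:
        out.append("no sloResponseEndpoint and no sloEndpoint to fall back to")
    # Local policy (assumption): every endpoint that receives SAML messages is https.
    out += [f"not an https URL: {u}" for u in acs + ([slo] if slo else [])
            if not is_https(u)]
    dur = body.get("assertionDuration")
    if type(dur) is not int or not 0 < dur <= MAX_ASSERTION_SECONDS:
        out.append(f"assertionDuration must be 1..{MAX_ASSERTION_SECONDS} seconds")
    groups = body.get("accessControl", {}).get("group", {}).get("groups", [])
    if not any(g.get("id") for g in groups):
        out.append("accessControl.group.groups has no group id")
    # Postman-style {{variables}} left unsubstituted must not reach the API.
    out += [f"unresolved placeholder: {p}"
            for p in sorted(set(re.findall(r"\{\{[^}]*\}\}", json.dumps(body))))]
    return out


# Constructed sample: the page's request body with its variables filled in.
SAMPLE = {"name": "SAMLapp_1700000000", "enabled": True, "type": "WEB_APP",
          "protocol": "SAML", "assertionDuration": 60,
          "acsUrls": ["https://example.com"], "sloEndpoint": "https://example.com",
          "spEntityId": "samltest1700000000",
          "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
          "accessControl": {"group": {"type": "ANY_GROUP",
                                      "groups": [{"id": "constructed-group-id"}]}}}
```

Calling check_saml_app(SAMPLE) returns an empty list; SAMPLE omits sloResponseEndpoint on purpose to exercise the sloEndpoint fallback.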