Treasure Data uses the same API endpoints for all Identity Providers (IdPs). You set different values in the payload body to match your IdP, including the identity provider name, the sign-in and sign-out endpoints, and the IdP certificate.

This reference contains APIs for getting, creating, editing, and deleting SSO configurations and user settings.

V3 SSO Settings

GET /v3/account/sso_setting

Get SSO settings. 

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| GET | /v3/account/sso_setting | Gets the account's SSO configuration settings. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| sso_setting | Yes | object | An SSO setting |

cURL Request

curl --request GET \
--location 'https://api.treasuredata.com/v3/account/sso_setting' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>'

Sample Response

Status: 200 OK  

{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}

POST /v3/account/sso_setting

Creates a new SSO setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | /v3/account/sso_setting | Allows admin to create and configure IdP for an account. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| sso_setting | Yes | object | An SSO setting |

cURL Request

curl --request POST \
--location 'https://api.treasuredata.com/v3/account/sso_setting' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  

{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}

PUT /v3/account/sso_setting

Updates an IdP account setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| PUT | /v3/account/sso_setting | Allows admin to make updates to an IdP account setting. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| sso_setting | Yes | object | An SSO setting |

cURL Request

curl --request PUT \
--location 'https://api.treasuredata.com/v3/account/sso_setting' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  

{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
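
A pre-flight check for the POST and PUT request bodies above, added here as an example and not part of Treasure Data's own documentation or tooling. It serializes the sso_setting object with json.dumps so the certificate's line breaks become valid \r\n escapes, and it rejects a cleartext endpoint or a malformed PEM block before anything is sent. The function names, the https/urn allowlist and the filler certificate are assumptions of this example.

```python
import base64
import json
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----\s*\Z", re.S)

def check_pem(cert):
    """Return None if cert is structurally a PEM certificate, else the reason."""
    m = PEM_RE.match(cert or "")
    if not m:
        return "cert: missing BEGIN/END CERTIFICATE markers"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return "cert: body is not valid base64"
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    return None if der[:1] == b"\x30" else "cert: body is not a DER SEQUENCE"

def audit_sso_setting(setting):
    """Local policy check (an assumption of this example, not an API rule)."""
    findings = []
    for key in ("sign_in_endpoint", "sign_out_endpoint"):
        url = setting.get(key)
        if url is None:
            continue  # the requests on this page send a null sign_out_endpoint
        if urlsplit(url).scheme not in ("https", "urn"):
            findings.append(f"{key}: scheme must be https or urn, got {url!r}")
    problem = check_pem(setting.get("cert"))
    if problem:
        findings.append(problem)
    return findings

def build_request_body(sign_in, sign_out, cert_pem):
    """Serialize the POST/PUT body; json.dumps emits valid \\r\\n escapes."""
    setting = {"sign_in_endpoint": sign_in, "sign_out_endpoint": sign_out,
               "cert": cert_pem}
    findings = audit_sso_setting(setting)
    if findings:
        raise ValueError("; ".join(findings))
    return json.dumps({"sso_setting": setting})

# Constructed sample: the body is filler bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(b"\x30\x82\x01\x00" + bytes(44)).decode()
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(build_request_body("urn:treasuredata:sso:eu01:1", None, SAMPLE_PEM))
```

The structural check only confirms the PEM framing and DER tag; it does not verify the certificate's issuer, validity period or key.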

DELETE /v3/account/sso_setting

Delete an IdP account setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| DELETE | /v3/account/sso_setting | Allows admin to delete an IdP account setting. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| sso_setting | Yes | object | An SSO setting |

cURL Request

curl --request DELETE \
--location 'https://api.treasuredata.com/v3/account/sso_setting' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>'

Sample Response

Status: 200 OK  

V3 User Settings

POST /v3/user/create_with_sso/:user_first_name

Create a user with SSO.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | /v3/user/create_with_sso/:user_first_name | Allows the admin to create a user (with SSO). |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| user_first_name | Yes | string | First name of user |
| email | Yes | string | Email user uses to log in |
| identifier | Yes | string | SSO identifier from IdP |

cURL Request

curl --request POST \
--location 'https://api.treasuredata.com/v3/user/create_with_sso/:user_first_name' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  

{
  "first_name": "Jake",
  "email": "jake@gmail.com",
  "identifier": "employee_number-00001"
}

POST /v3/user/enforce_sso/:user_email

Enforces SSO.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | /v3/user/enforce_sso/:user_email | Allows admin to make it mandatory for a user to log in using SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| user_email | Yes | string | Email of the user |
| identifier | Yes | string | SSO identifier from IdP |

cURL Request

curl --request POST \
--location 'https://api.treasuredata.com/v3/user/enforce_sso/:user_email' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  

{
  "email": "jake@gmail.com",
  "identifier": "employee_number-00001"
}

POST /v3/user/enable_sso/:user_email

Enables SSO for a user.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | /v3/user/enable_sso/:user_email | Allows admin to permit a user to log in using SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| user_email | Yes | string | Email of the user |
| identifier | Yes | string | SSO identifier from IdP |

cURL Request

curl --request POST \
--location 'https://api.treasuredata.com/v3/user/enable_sso/:user_email' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  

{
  "email": "jake@gmail.com",
  "identifier": "employee_number-00001"
}

POST /v3/user/disable_sso/:user_email

Disables SSO for a user.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | /v3/user/disable_sso/:user_email | Allows admin to prohibit a user from logging in using SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| user_email | Yes | string | Email of the user |

cURL Request

curl --request POST \
--location 'https://api.treasuredata.com/v3/user/disable_sso/:user_email' \
--header 'Content-Type: application/json' \
--header 'Authorization: TD1 <td_api_token>' \
--data-raw '{
    "sso_setting": {
        "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
        "sign_out_endpoint": null,
        "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
}'

Sample Response

Status: 200 OK  
