Cloud Organization SAML API, REST: Federation methods

Written by Yandex Cloud

A set of methods for managing federations.

JSON Representation

{
  "id": "string",
  "organizationId": "string",
  "name": "string",
  "description": "string",
  "createdAt": "string",
  "cookieMaxAge": "string",
  "autoCreateAccountOnLogin": true,
  "issuer": "string",
  "ssoBinding": "string",
  "ssoUrl": "string",
  "securitySettings": {
    "encryptedAssertions": true
  },
  "caseInsensitiveNameIds": true,
  "labels": "object"
}
Field Description
id string

Required. ID of the federation.

The maximum string length in characters is 50.

organizationId string

ID of the organization that the federation belongs to.

name string

Required. Name of the federation.

Value must match the regular expression |[a-z][-a-z0-9]{1,61}[a-z0-9].

description string

Description of the federation.

The maximum string length in characters is 256.

createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

cookieMaxAge string

Browser cookie lifetime in seconds. If the cookie is still valid, the management console authenticates the user immediately and redirects them to the home page.

Acceptable values are 600 seconds to 43200 seconds, inclusive.

autoCreateAccountOnLogin boolean (boolean)

Add new users automatically on successful authentication. The user becomes a member of the organization automatically, but you need to grant other roles to them.

If the value is false, users who aren't added to the organization can't log in, even if they have authenticated on your server.

issuer string

Required. ID of the IdP server to be used for authentication. The IdP server also responds to IAM with this ID after the user authenticates.

The maximum string length in characters is 8000.

ssoBinding string

Single sign-on endpoint binding type. Most Identity Providers support the POST binding type.

SAML Binding is a mapping of a SAML protocol message onto standard messaging formats and/or communications protocols.

  • POST: HTTP POST binding.
  • REDIRECT: HTTP redirect binding.
  • ARTIFACT: HTTP artifact binding.

ssoUrl string

Required. Single sign-on endpoint URL. Specify the link to the IdP login page here.

The maximum string length in characters is 8000.

securitySettings object

Federation security settings.

securitySettings.encryptedAssertions boolean (boolean)

Enable encrypted assertions.

caseInsensitiveNameIds boolean (boolean)

Use case-insensitive Name IDs.

labels object

Resource labels as key:value pairs. Maximum of 64 per resource.
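
As an added example (not part of the Yandex Cloud documentation), the field constraints listed above can be checked offline before a Federation object is sent to create or update. The name check_federation, the sample values, the accepted "3600" / "3600s" forms for cookieMaxAge and the two review notes are assumptions of this example.

```python
import re

# Pattern exactly as printed in the field table (the leading "|" also admits "").
NAME_RE = re.compile(r"|[a-z][-a-z0-9]{1,61}[a-z0-9]")
BINDINGS = {"POST", "REDIRECT", "ARTIFACT"}
MAX_LEN = {"id": 50, "description": 256, "issuer": 8000, "ssoUrl": 8000}
REQUIRED = ("id", "name", "issuer", "ssoUrl")


def check_federation(fed):
    """Return (errors, review_notes) for one Federation JSON object."""
    errors, notes = [], []
    for field in REQUIRED:
        if not fed.get(field):
            errors.append(f"{field}: required")
    for field, limit in MAX_LEN.items():
        if len(fed.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if not NAME_RE.fullmatch(fed.get("name", "")):
        errors.append("name: does not match the documented pattern")
    # Assumption: cookieMaxAge arrives as seconds in a string, e.g. "3600" or "3600s".
    m = re.fullmatch(r"(\d+)s?", str(fed.get("cookieMaxAge", "")))
    if "cookieMaxAge" in fed and not (m and 600 <= int(m.group(1)) <= 43200):
        errors.append("cookieMaxAge: outside 600..43200 seconds")
    if "ssoBinding" in fed and fed["ssoBinding"] not in BINDINGS:
        errors.append("ssoBinding: not POST, REDIRECT or ARTIFACT")
    if len(fed.get("labels", {})) > 64:
        errors.append("labels: more than 64 per resource")
    # Review notes (this example's own policy): settings to confirm are intentional.
    if not fed.get("securitySettings", {}).get("encryptedAssertions"):
        notes.append("encryptedAssertions is off")
    if fed.get("autoCreateAccountOnLogin"):
        notes.append("autoCreateAccountOnLogin is on")
    return errors, notes


# Constructed sample, not a real federation.
SAMPLE = {
    "id": "example-federation-id",
    "name": "Corp_SSO",
    "issuer": "https://idp.example.com/metadata",
    "ssoUrl": "https://idp.example.com/sso",
    "cookieMaxAge": "86400s",
    "autoCreateAccountOnLogin": True,
    "securitySettings": {"encryptedAssertions": False},
}

if __name__ == "__main__":
    print(check_federation(SAMPLE))
```
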

Methods

Method Description
addUserAccounts Adds users to the specified federation.
create Creates a federation in the specified organization.
delete Deletes the specified federation.
get Returns the specified federation.
list Retrieves the list of federations in the specified organization.
listOperations Lists operations for the specified federation.
listUserAccounts Lists users for the specified federation.
update Updates the specified federation.
