# REST API for Identity Federation

Treasure Data uses the same API endpoints for all our Identity Providers. You can set different values in your payload body to specify the needs of your IdP, including your identity provider name, sign-in and sign-out endpoints, and the IdP certificate.

This reference contains APIs for various operations, including getting, creating, editing, and deleting configurations for SSO and user settings.

## V3 SSO Settings

### GET /v3/account/sso_setting

Get SSO settings.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| GET | `/v3/account/sso_setting` | Gets account settings for their SSO configuration. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `sso_setting` | Yes | object | An SSO setting |

**Sample Request**

```curl Sample Request
curl --request GET --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>'
```

```json Sample Response
Status: 200 OK
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.exmple.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```

### POST /v3/account/sso_setting

Creates a new SSO setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | `/v3/account/sso_setting` | Allows admin to create and configure IdP for an account. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `sso_setting` | Yes | object | An SSO setting |

```curl Sample Request
curl --request POST --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
      "sign_out_endpoint": null,
      "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
  }'
```

```json Sample Response
Status: 200 OK
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.exmple.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```

### PUT /v3/account/sso_setting

Updates an IdP account setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| PUT | `/v3/account/sso_setting` | Allows admin to make updates to an IdP account setting. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `sso_setting` | Yes | object | An SSO setting |

```curl Sample Request
curl --request PUT --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "sign_in_endpoint": "urn:treasuredata:sso:eu01:1",
      "sign_out_endpoint": null,
      "cert": "-----BEGIN CERTIFICATE-----\r\nxxxxx\r\n-----END CERTIFICATE-----\r\n"
    }
  }'
```

```json Sample Response
Status: 200 OK
{
  "sso_setting": {
    "cert": "-----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE-----",
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.exmple.com/signout",
    "strategy": "samlp",
    "updated_at": "2020-12-31T11:22:33.000Z"
  }
}
```

### DELETE /v3/account/sso_setting

Delete an IdP account setting.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| DELETE | `/v3/account/sso_setting` | Allows admin to delete an IdP account setting. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `sso_setting` | Yes | object | An SSO setting |

```curl Sample Request
curl --request DELETE --location 'https://api.treasuredata.com/v3/account/sso_setting' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>'
```

## V3 User Settings

### POST /v3/user/create_with_sso/:user_first_name

Create a user with SSO.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | `/v3/user/create_with_sso/:user_first_name` | Allows the admin to create a user with SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `user_first_name` | Yes | string | First name of user |
| `email` | Yes | string | Email user uses to log in |
| `identifier` | Yes | string | SSO identifier from IdP |

```curl Sample Request
curl --request POST --location 'https://api.treasuredata.com/v3/user/create_with_sso/:user_first_name' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "user_first_name": "user_first_name",
      "email": "email@abc.com",
      "identifier": "12345678"
    }
  }'
```

```json Sample Response
Status: 200 OK
{
  "first_name": "Jake",
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```

### POST /v3/user/enforce_sso/:user_email

Enforces SSO.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | `/v3/user/enforce_sso/:user_email` | Allows admin to make it mandatory for a user to log in with SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `user_email` | Yes | string | Email of the user |
| `identifier` | Yes | string | SSO identifier from IdP |

```curl Sample Request
curl --request POST --location 'https://api.treasuredata.com/v3/user/enforce_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email",
      "identifier": "12345678"
    }
  }'
```

```json Sample Response
Status: 200 OK
{
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```

### POST /v3/user/enable_sso/:user_email

Enables SSO for a user.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | `/v3/user/enable_sso/:user_email` | Allows admin to permit a user to log in with SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `user_email` | Yes | string | Email of the user |
| `identifier` | Yes | string | SSO identifier from IdP |

```curl Sample Request
curl --request POST --location 'https://api.treasuredata.com/v3/user/enable_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email",
      "identifier": "12345678"
    }
  }'
```

```json Sample Response
Status: 200 OK
{
  "email": "jake@companyName.com",
  "identifier": "employee_number-00001"
}
```

### POST /v3/user/disable_sso/:user_email

Disables SSO for a user.

| HTTP Verb | Resource | Description |
| --- | --- | --- |
| POST | `/v3/user/disable_sso/:user_email` | Allows admin to prohibit a user from logging in with SSO. |

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| `user_email` | Yes | string | Email of the user |

**Sample Request**

```curl Sample Request
curl --request POST --location 'https://api.treasuredata.com/v3/user/disable_sso/:user_email' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: TD1 <API_KEY>' \
  --data-raw '{
    "sso_setting": {
      "user_email": "user_email"
    }
  }'
```
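
Because the SSO settings endpoints on this page can replace the IdP certificate and endpoints an account trusts, it is useful to compare the `sso_setting` object returned by `GET /v3/account/sso_setting` against an approved baseline. The following is an added example, not Treasure Data code: it compares the certificate by the SHA-256 of its decoded bytes, since the samples on this page wrap the PEM with `\r\n` in requests and with spaces in responses. All function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem):
    """SHA-256 over the decoded certificate bytes, ignoring PEM line wrapping."""
    match = PEM_RE.search(pem or "")
    if not match:
        raise ValueError("cert is not a PEM certificate block")
    der = base64.b64decode(re.sub(r"\s+", "", match.group(1)), validate=True)
    return hashlib.sha256(der).hexdigest()

def endpoint_host(value):
    """Host part of an endpoint URL; None for null or non-URL values (e.g. a URN)."""
    return urlsplit(value).hostname if value else None

def snapshot(sso_setting):
    """Reduce an sso_setting object to the fields worth pinning."""
    return {
        "cert_sha256": cert_fingerprint(sso_setting.get("cert")),
        "sign_in_host": endpoint_host(sso_setting.get("sign_in_endpoint")),
        "sign_out_host": endpoint_host(sso_setting.get("sign_out_endpoint")),
        "strategy": sso_setting.get("strategy"),
        "identity_provider_name": sso_setting.get("identity_provider_name"),
    }

def drift(approved, observed):
    """Map each pinned field that changed to (approved value, observed value)."""
    base, cur = snapshot(approved), snapshot(observed)
    return {key: (base[key], cur[key]) for key in base if base[key] != cur[key]}

# Constructed sample data: the base64 bodies are placeholder bytes, not real certificates.
def pem_wrap(raw, sep):
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----{sep}{body}{sep}-----END CERTIFICATE-----{sep}"

APPROVED = {
    "cert": pem_wrap(b"constructed IdP certificate A", "\r\n"),
    "identity_provider_name": "AzureAD",
    "sign_in_endpoint": "https://login.example.com/ffffffff-ffff-ffff-ffff-ffffffffffff/saml",
    "sign_out_endpoint": "https://login.example.com/signout",
    "strategy": "samlp",
}
SAME_REWRAPPED = dict(APPROVED, cert=pem_wrap(b"constructed IdP certificate A", " "))
CHANGED = dict(APPROVED, cert=pem_wrap(b"constructed IdP certificate B", " "),
               sign_out_endpoint="https://login.example.net/signout")
```

`drift(APPROVED, SAME_REWRAPPED)` is empty because only the PEM wrapping differs, while `drift(APPROVED, CHANGED)` reports the new certificate fingerprint and the changed sign-out host. `updated_at` is left out of the snapshot on purpose so that a no-op rewrite of the same settings does not alert.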