getAllIdPs
Gets information of all identity Providers configured in Kantega SSO, both active and inactive.
The authenticated user must have the SYS_ADMIN permission to call this resource.
GET
rest/ksso/api/idp/1.0/idp/ids
Request
Example:https://<atlassian-product-base-url>/rest/ksso/api/info/1.0/idp/ids
Response
Status 200
Returns a list of identity Providers.
[ { "id": "1ncq3jsPC74BGuNnfZPl", "name": "AD FS" }, ...
Status: 401
Returned if the user does not have system admin permission
getAllGroupsForIdp
Gets information about KSSO idp managed groups configuration
The authenticated user must have the SYS_ADMIN permission to call this resource.
GET
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups
Request
Example :https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups
Response
Status: 200
Returns a list of all managed groups for the specified IDP
[ "adminGroup", "adminGroup1", "adminGroup2", …
Status: 401
Returned if the user does not have system admin permission.
addGroup
Adds a new managed group associated with the Identity Provider.
The authenticated user must have the SYS_ADMIN permission to call this resource.
POST
rest/ksso/api/idp/1.0/managedgroups
Use this method to include a new managed group to an existing IDP configuration. This can be beneficial in cases where access management and permissions based on group associations within an Identity Provider become critical. Before invoking this method, ensure that the IDP specified by the `idpId` already exists. If the IDP does not exist, or if the `addManagedGroup` name is already used, this operation might not succeed.
The `idpId` and `addManagedGroup` must not be empty for the addition to be successful.
Note that this method only handles the addition of the group and does not verify if the IDP has existing associations or configurations that might conflict. Use {@link IdpConfigResource} /rest/ksso/api/idp/1.0/idp/ids to obtain the list of existing IDPs.
Request
Example :
POST https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/<idpid>/groups/<groupName>
Request Body:
{"idpId":"<IdentityProvider id>","addManagedGroup":"GroupName”}
Response
Status: 204
Returned if the new managed group is successfully stored.
Status: 400
In case of unhandled error while fetching the IDP configuration or if required parameters are missing.
Status: 401
Returned if the user does not have system admin permission.
replaceGroup
Replaces a managed group associated with the Identity Provider.
The authenticated user must have the SYS_ADMIN permission to call this resource.
PUT
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{groupToReplace}
Use this method to replace name of a managed group
Request
Example:https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/<idpid>/groups/<groupToReplace>
Request Options (parameters):
groupToReplace - name of group to replace
idpid- Identity Provider that contains the group to replace
Request Body:
{"idpId":"<Identity Provider ID>","addManagedGroup":"<NameOfGroup>”}
Response
Status: 204
Returned if the managed group is successfully replaced.
Status: 400
In case of unhandled error while fetching the IDP configuration or if required parameters are missing.
Status: 401
Returned if the user does not have system admin permission.
Status: 404
Returned if the managedGroup does not exist in the Identity provider.
getSpecificGroup
Checks whether KSSO managed group exists for a specific IDP (Identity Provider) configuration
The authenticated user must have the SYS_ADMIN permission to call this resource.
GET
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{managedGroupName}
Request
Example: GET https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/ <idpId>/groups/<managedgroupName>
Response
Status: 204
Returns empty response with 204 code if the specified managed group is found in the IDP configuration
Status: 400
In case of unhandled error while fetching the IDP configuration or if required parameters are missing.
Status: 401
Returned if the user does not have system admin permission
removeGroup
Removes a managed group from the specified IDP (Identity Provider).
The authenticated user must have the SYS_ADMIN permission to call this resource.
DELETE
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{managedGroupName}
This method is restricted to sysadmin users only. If the specified IDP is not found, a BAD_REQUEST response is returned. If the managed group is not found within the IDP, a NOT_FOUND response is returned. If the removal is successful, a NO_CONTENT response is returned.
Request
Example:https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/ <idpid>/groups/<managedGroupName>
Request Options (parameters):
managedGroupName - name of group to remove
idpid- Identity Provider that contains the group to remove
Response
Status: 204
Returned if the managed group is successfully removed.
Status: 400
In case of unhandled error while fetching the IDP configuration or if required parameters are missing.
Status: 401
Returned if the user does not have system admin permission.
Status: 404
Returned if the managedGroupName does not exist in the Identity provider.