Skip to content

Latest commit

 

History

History
executable file
·
37 lines (34 loc) · 4.8 KB

SamlConfig.md

File metadata and controls

executable file
·
37 lines (34 loc) · 4.8 KB

LookerApi31Reference.SamlConfig

Properties

Name Type Description Notes
enabled Boolean Enable/Disable Saml authentication for the server [optional]
idpCert String Identity Provider Certificate (provided by IdP) [optional]
idpUrl String Identity Provider Url (provided by IdP) [optional]
idpIssuer String Identity Provider Issuer (provided by IdP) [optional]
idpAudience String Identity Provider Audience (set in IdP config). Optional in Looker. Set this only if you want Looker to validate the audience value returned by the IdP. [optional]
allowedClockDrift Number Count of seconds of clock drift to allow when validating timestamps of assertions. [optional]
userAttributeMapEmail String Name of user record attributes used to indicate email address field [optional]
userAttributeMapFirstName String Name of user record attributes used to indicate first name [optional]
userAttributeMapLastName String Name of user record attributes used to indicate last name [optional]
newUserMigrationTypes String Merge first-time saml login to existing user account by email addresses. When a user logs in for the first time via saml this option will connect this user into their existing account by finding the account with a matching email address by testing the given types of credentials for existing users. Otherwise a new user account will be created for the user. This list (if provided) must be a comma separated list of string like 'email,ldap,google' [optional]
alternateEmailLoginAllowed Boolean Allow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled. [optional]
testSlug String Slug to identify configurations that are created in order to run a Saml config test [optional]
modifiedAt String When this config was last modified [optional]
modifiedBy String User id of user who last modified this config [optional]
defaultNewUserRoles [Role] (Read-only) Roles that will be applied to new users the first time they login via Saml [optional]
defaultNewUserGroups [Group] (Read-only) Groups that will be applied to new users the first time they login via Saml [optional]
defaultNewUserRoleIds [Number] (Write-Only) Array of ids of roles that will be applied to new users the first time they login via Saml [optional]
defaultNewUserGroupIds [Number] (Write-Only) Array of ids of groups that will be applied to new users the first time they login via Saml [optional]
setRolesFromGroups Boolean Set user roles in Looker based on groups from Saml [optional]
groupsAttribute String Name of user record attributes used to indicate groups. Used when 'groups_finder_type' is set to 'grouped_attribute_values' [optional]
groups [SamlGroupRead] (Read-only) Array of mappings between Saml Groups and Looker Roles [optional]
groupsWithRoleIds [SamlGroupWrite] (Read/Write) Array of mappings between Saml Groups and arrays of Looker Role ids [optional]
authRequiresRole Boolean Users will not be allowed to login at all unless a role for them is found in Saml if set to true [optional]
userAttributes [SamlUserAttributeRead] (Read-only) Array of mappings between Saml User Attributes and Looker User Attributes [optional]
userAttributesWithIds [SamlUserAttributeWrite] (Read/Write) Array of mappings between Saml User Attributes and arrays of Looker User Attribute ids [optional]
groupsFinderType String Identifier for a strategy for how Looker will find groups in the SAML response. One of ['grouped_attribute_values', 'individual_attributes'] [optional]
groupsMemberValue String Value for group attribute used to indicate membership. Used when 'groups_finder_type' is set to 'individual_attributes' [optional]
bypassLoginPage Boolean Bypass the login page when user authentication is required. Redirect to IdP immediately instead. [optional]
url String Link to get this item [optional]
can {String: Boolean} Operations the current user is able to perform on this object [optional]