Path parameters

• federationSettingsId string Required

  Unique 24-hexadecimal digit string that identifies your federation.

  Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

• identityProviderId string Required

  Unique string that identifies the identity provider to connect. If using an API version before 11-15-2023, use the legacy 20-hexadecimal digit id. This id can be found within the Federation Management Console > Identity Providers tab by clicking the info icon in the IdP ID row of a configured identity provider. For all other versions, use the 24-hexadecimal digit id.

Query parameters

• envelope boolean

  Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

  Default value is false.

Responses

• 200 application/vnd.atlas.2023-01-01+json

  OK

  Hide response attributes Show response attributes object

  • acsUrl string

    URL that points to where to send the SAML response.

  • associatedDomains array[string]

    List that contains the domains associated with the identity provider.

  • associatedOrgs array[object]

    List that contains the connected organization configurations associated with the identity provider.

    Hide associatedOrgs attributes Show associatedOrgs attributes object

    • dataAccessIdentityProviderIds array[string]

      The collection of unique ids representing the identity providers that can be used for data access in this organization.

      Minimum length of each is 24, maximum length of each is 24. Format of each should match the following pattern: ^([a-f0-9]{24})$.

    • domainAllowList array[string]

      Approved domains that restrict users who can join the organization based on their email address.

    • domainRestrictionEnabled boolean Required

      Value that indicates whether domain restriction is enabled for this connected org.

    • identityProviderId string

      Legacy 20-hexadecimal digit string that identifies the UI access identity provider that this connected org config is associated with. This id can be found within the Federation Management Console > Identity Providers tab by clicking the info icon in the IdP ID row of a configured identity provider.

      Minimum length is 20, maximum length is 20. Format should match the following pattern: ^([a-f0-9]{20})$.

    • orgId string Required

      Unique 24-hexadecimal digit string that identifies the connected organization configuration.

      Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

    • postAuthRoleGrants array[string]

      Atlas roles that are granted to a user in this organization after authenticating. Roles are a human-readable label that identifies the collection of privileges that MongoDB Cloud grants a specific MongoDB Cloud user. These roles can only be organization specific roles.

      Values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, ORG_BILLING_READ_ONLY, or ORG_READ_ONLY.

    • roleMappings array[object]

      Role mappings that are configured in this organization.

      Mapping settings that link one IdP and MongoDB Cloud.

      Hide roleMappings attributes Show roleMappings attributes object

      • externalGroupName string Required

        Unique human-readable label that identifies the identity provider group to which this role mapping applies.

        Minimum length is 1, maximum length is 200.

      • id string

        Unique 24-hexadecimal digit string that identifies this role mapping.

        Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

      • roleAssignments array[object]

        Atlas roles and the unique identifiers of the groups and organizations associated with each role. The array must include at least one element with an Organization role and its respective orgId. Each element in the array can have a value for orgId or groupId, but not both.

        Hide roleAssignments attributes Show roleAssignments attributes object

        • groupId string

          Unique 24-hexadecimal digit string that identifies the project to which this role belongs. Each element within roleAssignments can have a value for groupId or orgId, but not both.

          Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

        • orgId string

          Unique 24-hexadecimal digit string that identifies the organization to which this role belongs. Each element within roleAssignments can have a value for orgId or groupId, but not both.

          Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

        • role string

          Human-readable label that identifies the collection of privileges that MongoDB Cloud grants a specific API key, MongoDB Cloud user, or MongoDB Cloud team. These roles include organization- and project-level roles.

          Organization Roles

          • ORG_OWNER
          • ORG_MEMBER
          • ORG_GROUP_CREATOR
          • ORG_BILLING_ADMIN
          • ORG_READ_ONLY

          Project Roles

          • GROUP_CLUSTER_MANAGER
          • GROUP_DATA_ACCESS_ADMIN
          • GROUP_DATA_ACCESS_READ_ONLY
          • GROUP_DATA_ACCESS_READ_WRITE
          • GROUP_OWNER
          • GROUP_READ_ONLY
          • GROUP_SEARCH_INDEX_EDITOR
          • GROUP_STREAM_PROCESSING_OWNER

          Values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, ORG_READ_ONLY, GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER, GROUP_READ_ONLY, GROUP_SEARCH_INDEX_EDITOR, or GROUP_STREAM_PROCESSING_OWNER.

    • userConflicts array[object]

      List that contains the users who have an email address that doesn't match any domain on the allowed list.

      MongoDB Cloud user linked to this federated authentication.

      Hide userConflicts attributes Show userConflicts attributes object

      • emailAddress string(email) Required

        Email address of the MongoDB Cloud user linked to the federated organization.

      • federationSettingsId string Required

        Unique 24-hexadecimal digit string that identifies the federation to which this MongoDB Cloud user belongs.

        Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

      • firstName string Required

        First or given name that belongs to the MongoDB Cloud user.

      • lastName string Required

        Last name, family name, or surname that belongs to the MongoDB Cloud user.

      • userId string

        Unique 24-hexadecimal digit string that identifies this user.

        Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

  • audienceUri string

    Unique string that identifies the intended audience of the SAML assertion.

  • createdAt string(date-time)

    Date that the identity provider was created on.

  • description string

    The description of the identity provider.

  • displayName string

    Human-readable label that identifies the identity provider.

  • id string Required

    Unique 24-hexadecimal digit string that identifies the identity provider.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

  • idpType string

    String enum that indicates the type of the identity provider. Default is WORKFORCE.

    Values are WORKFORCE or WORKLOAD.

  • issuerUri string

    Unique string that identifies the issuer of the SAML Assertion or OIDC metadata/discovery document URL.

  • oktaIdpId string Required

    Legacy 20-hexadecimal digit string that identifies the identity provider.

    Minimum length is 20, maximum length is 20. Format should match the following pattern: ^([a-f0-9]{20})$.

  • pemFileInfo object

    PEM file information for the identity provider's current certificates.

    Hide pemFileInfo attributes Show pemFileInfo attributes object

    • certificates array[object]

      List of certificates in the file.

      Hide certificates attributes Show certificates attributes object

      • notAfter string(date-time)

        Latest date that the certificate is valid.

      • notBefore string(date-time)

        Earliest date that the certificate is valid.

    • fileName string

      Human-readable label given to the file.

  • protocol string

    String enum that indicates the protocol of the identity provider. Either SAML or OIDC.

    Values are SAML or OIDC.

  • requestBinding string

    SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request.

    Values are HTTP-POST or HTTP-REDIRECT.

  • responseSignatureAlgorithm string

    Signature algorithm that Federated Authentication uses to encrypt the identity provider signature.

    Values are SHA-1 or SHA-256.

  • slug string

    Custom SSO Url for the identity provider.

  • ssoDebugEnabled boolean

    Flag that indicates whether the identity provider has SSO debug enabled.

  • ssoUrl string

    URL that points to the receiver of the SAML authentication request.

  • status string

    String enum that indicates whether the identity provider is active.

    Values are ACTIVE or INACTIVE.

  • updatedAt string(date-time)

    Date that the identity provider was last updated on.

• 400 application/json

  Bad Request.

  Hide response attributes Show response attributes object

  • detail string

    Describes the specific conditions or reasons that cause each type of error.

  • error integer(int32)

    HTTP status code returned with this error.

    External documentation
  • errorCode string

    Application error code returned with this error.

  • parameters array[object]

    Parameters used to give more information about the error.
  • reason string

    Application error message returned with this error.

• 403 application/json

  Forbidden.

  Hide response attributes Show response attributes object

  • detail string

    Describes the specific conditions or reasons that cause each type of error.

  • error integer(int32)

    HTTP status code returned with this error.

    External documentation
  • errorCode string

    Application error code returned with this error.

  • parameters array[object]

    Parameters used to give more information about the error.
  • reason string

    Application error message returned with this error.

• 404 application/json

  Not Found.

  Hide response attributes Show response attributes object

  • detail string

    Describes the specific conditions or reasons that cause each type of error.

  • error integer(int32)

    HTTP status code returned with this error.

    External documentation
  • errorCode string

    Application error code returned with this error.

  • parameters array[object]

    Parameters used to give more information about the error.
  • reason string

    Application error message returned with this error.

• 500 application/json

  Internal Server Error.

  Hide response attributes Show response attributes object

  • detail string

    Describes the specific conditions or reasons that cause each type of error.

  • error integer(int32)

    HTTP status code returned with this error.

    External documentation
  • errorCode string

    Application error code returned with this error.

  • parameters array[object]

    Parameters used to give more information about the error.
  • reason string

    Application error message returned with this error.