Queries the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).

Usage notes

This topic provides an example on how to query the configurations of the SAML IdP within the directory d-00fc2p61****.

Limits

You can call this operation up to 100 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes GetExternalSAMLIdentityProvider

The operation that you want to perform. Set the value to GetExternalSAMLIdentityProvider.

DirectoryId String Yes d-00fc2p61****

The ID of the directory.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
RequestId String 96D1E5FF-0301-5636-8D33-071E033CFB82

The ID of the request.

SAMLIdentityProviderConfiguration Object

The configurations of the IdP.

EntityId String http://www.okta.com/exk3qwgtjhetR2Od****

The entity ID of the IdP.

SSOStatus String Enabled

The status of SSO logon. Valid values:

  • Enabled
  • Disabled
DirectoryId String d-00fc2p61****

The ID of the directory.

EncodedMetadataDocument String PD94bWwgdmVyc2lvbj0iMS4****

The metadata file of the IdP. The value of this parameter is Base64-encoded.

CreateTime String 2021-11-09T09:30:13Z

The time when the IdP was configured for the first time.

WantRequestSigned Boolean false

Indicates whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:

  • true: yes
  • false: no (default)
UpdateTime String 2021-11-09T09:30:22Z

The time when the IdP configurations were last modified.

CertificateIds Array of String [ "idp-c-00s6c04my7hvv1uj****" ]

The ID of the SAML signing certificate.

Multiple IDs are separated by commas (,).

LoginUrl String https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml

The logon URL of the IdP.

Examples

Sample requests

https://[Endpoint]/?Action=GetExternalSAMLIdentityProvider
&DirectoryId=d-00fc2p61****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<GetExternalSAMLIdentityProviderResponse>
    <RequestId>96D1E5FF-0301-5636-8D33-071E033CFB82</RequestId>
    <SAMLIdentityProviderConfiguration>
        <EntityId>http://www.okta.com/exk3qwgtjhetR2Od****</EntityId>
        <SSOStatus>Enabled</SSOStatus>
        <DirectoryId>d-00fc2p61****</DirectoryId>
        <EncodedMetadataDocument>PD94bWwgdmVyc2lvbj0iMS4****</EncodedMetadataDocument>
        <CreateTime>2021-11-09T09:30:13Z</CreateTime>
        <WantRequestSigned>false</WantRequestSigned>
        <UpdateTime>2021-11-09T09:30:22Z</UpdateTime>
        <CertificateIds>idp-c-00s6c04my7hvv1uj****</CertificateIds>
        <LoginUrl>https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml</LoginUrl>
    </SAMLIdentityProviderConfiguration>
</GetExternalSAMLIdentityProviderResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "96D1E5FF-0301-5636-8D33-071E033CFB82",
  "SAMLIdentityProviderConfiguration" : {
    "EntityId" : "http://www.okta.com/exk3qwgtjhetR2Od****",
    "SSOStatus" : "Enabled",
    "DirectoryId" : "d-00fc2p61****",
    "EncodedMetadataDocument" : "PD94bWwgdmVyc2lvbj0iMS4****",
    "CreateTime" : "2021-11-09T09:30:13Z",
    "WantRequestSigned" : false,
    "UpdateTime" : "2021-11-09T09:30:22Z",
    "CertificateIds" : [ "idp-c-00s6c04my7hvv1uj****" ],
    "LoginUrl" : "https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml"
  }
}

Error codes

For a list of error codes, visit the API Error Center.