Advanced Authentication SaaS Concepts
Products
An AA product file is a json representation of a purchasable block of functionality. The json defines UI representations, AA licenses which are to be granted, and optionally information about policies, as well as onboarding actions. See create product rest api for details. Products may also be installed via the au-saas script. Sample product definition files:
- aa-base.json: An AA instance with support for all authentication methods. The billing dimension is per user per month. Used when a customer buys AA. Requires aa-client-usage and aa-data-usage to be installed in tandem.
- aa-client-usage.json: Mandatory add-on product to aa-base and aa-risk instances. Allows for billing for enhanced authentication methods. The billing dimension is per user per month. (For example, in a given month, if a user uses one or more of the enhanced methods, they will be billed for that user.)
- aa-data-overage.json: Mandatory add-on product to aa-limited, aa-base and aa-risk instances. Allows for billing for overages of data usage methods (SMS_OTP, Voice_OTP, Voice). Billing is for data blocks of 1000. Every month, each user is allotted a number of usages of data methods. Any overages are billed for. (For example, in a given month, we calculate the number of data usages per user and total the number of data overages for all users. 1-1000 overages = 1 aa-data-usage block, 1001-2000 overages = 2 aa-data-usage blocks, etc.)
- aa-identity-proofing.json: (Future)
- ig-aa-addon.json: Optional add-on product that must be added when a customer purchases IG SaaS. No billing.
- aa-limited.json: An AA instance with support for limited authentication methods (email OTP, emergency password, HOTP, LDAP password, password, RADIUS, SMS OTP and TOTP). There is no billing for the entitlement; however, there is billing for entitlement overages, currently aa-data overages. Requires aa-data-usage to be installed in tandem.
- aa-limited-overage.json: (Future)
- aa-trial.json: An AA instance with full AA support including risk. Limited number of users and limited time.
- aa-risk.json: A risk-based Adaptive AA instance with support for all authentication methods. The billing dimension is per user per month. Used when a customer buys Adaptive AA. Requires aa-client-usage and aa-data-usage to be installed in tandem.
Tenants may be associated with more than one product, each association is made via a customer definition.
Product definitions have two identifiers, one is the database id used to identify the product within the AA system, this is dynamically assigned. The other identifier is the external_product_id, this identifier is how the product is defined in an external system. This could be a SKU, salesforce product definition id or Control Tower Asset Id.
Onboarding Actions
In the JSON product file there is a section for onboarding actions to be taken when the tenant is created:

```json
"onboarding_actions": {
    "issue_token": true,
    "scim_repo_create_name": "ig_bootstraping",
    "scim_repo_create_config": {},
    "create_scim_repos": [
        {"name": "Users", "scim_repo_create_config": {}}
    ]
}
```
- issue_token: results in a 7 day bearer token being issued, which allows public APIs to be called.
- scim_repo_create_name: results in a SCIM repo of the specified name being created. The onboarding response will contain a bearer token valid for 1 year that allows all operations on the SCIM repo.
- scim_repo_create_config: any configuration options valid on a SCIM repo.
- create_scim_repos: allows multiple SCIM repos to be created instead of just one. This is the preferred format; ‘scim_repo_create_name’ will be phased out in the future.
Customers
An AA Customer is an association between a Product and a Tenant, and the state of that association. Every SaaS tenant should have at least one customer record associating it with a product.
Customer definitions have two identifiers. One is the database id used to identify the customer within the AA system; this is dynamically assigned. The other is the external_customer_id, which is how the customer is defined in an external system. This could be something like a Salesforce customer id. In addition, the customer record contains the current state of the relationship (enabled/disabled).
Current SaaS Deployed Implementation
In the COE environment some customers may have only AA, some may have limited access to AA (for example IG customers), or they might have bought the greater CyberRes product family and be allowed full access to AA and every other CyberRes product. The functionality that is permitted and billed for depends on which product definitions are associated with a tenant.
IG customers may upgrade to a full AA license, or may be given a trial license to full AA+risk. After the trial license expires they would revert back to a limited license.
Advanced Authentication Hosted SaaS API doc
The rest apis in this section are intended only for use when Advanced Authentication has been installed as a SaaS Product.
Authentication
Acceptable authentication is either a login_session_id passed on each call or a bearer token passed in the http header as ‘Authorization: Bearer {token}’
SaaS Specific AA Scripts
Each of these scripts has command-line help.
- au-saas-install: Called once and only once during initial setup of a SaaS system.
- au-saas: Used to manage products and their associated licenses.
- manage_token.py: Creates tokens used for SCIM and other API access.
- onboard_tenant.py: Used to call the REST APIs to onboard tenants, or add additional products to tenants.
- configure_cloudbridge.py: Sets up the tenant for cloudbridge sync.
Tenant Onboarding
Advanced Authentication Onboarding Tenants
This is the process of creating a customer instance, and associating that instance with one or more products. The assumption in the IAM SaaS is that Advanced Authentication provides the authentication for all services, therefore AA will be the first product installed. All IAM products are permitted free access to the AA functionality of authentication, and a few second factors with no AA contract or billing. For access to all AA second factors, risk integration, and federation services an AA contract is required, resulting in the customer being billed for AA services consumed.
Onboarding Assumptions
- System has been set up for SaaS and multi tenant mode.
- The AA system has been configured with SaaS products. An AA product is a json representation of a purchasable block of functionality. The json defines UI representations, AA licenses which are to be granted, and optionally information about policies. See create product rest api for details. Products may also be installed via the au-saas script.
- Authorization for onboarding is only available as a TOP superadmin user.
Onboarding via AWS Marketplace
Onboarding functionality in AA was originally designed around the AWS Marketplace model.
- Create the product description in the AWS marketplace portal.
  - Billing dimension should be listed as user_month.
  - Point the SaaS url to ‘https://{saas_dns}/api/v1/awsonboard’.
- Use the au-saas script to create the product description in the AA system.
- Visit the marketplace and select the newly created product. The user is directed through the following actions:
  - AWS marketplace makes a POST to the /api/v1/awsonboard url with an aws-marketplace-token.
  - AA Server code resolves the token to product and customer ids, returns an aa-onboard-token, and redirects the browser.
  - Browser is redirected to /cloudui, which allows the user to enter required information or log in to an existing tenant.
  - For new tenants the /cloudui passes the aa-onboard-token and user input to a POST on /api/v1/saastenant which finalizes tenant creation.
  - For existing tenants the /cloudui passes the aa-onboard-token and authenticated session to a PUT on /api/v1/saastenant which finalizes tenant creation.
Onboarding a new Tenant via the AA admin UI for internal and trial customers
This is primarily for testing, it does not allow for adding additional products to existing tenants. On tenant create a single product may be associated with a tenant. The customerid is not passed random
Onboarding additional products to an existing tenant
- Call Onboarding
Onboarding via scripts or lambda functions - Used by Micro Focus Center of Excellence
This is a UI less onboarding of new tenants or association of new products with the existing tenant.
Onboarding Authentication and Authorization
Creating new tenants and removing any product associations requires TOP superadmin privileges. Tenant admins may add additional products to their tenant.
The manage_token.py script may be used to obtain tokens for use with this script; if only a user name and password are required, those may be used in this script instead.
Script Examples
python3 onboard_tenant.py --host https://localhost --user admin --password admin create -pid 1 -ch None -f ../app/aucore/products/aa-limited.json
python3 onboard_tenant.py --host https://localhost --user admin --password admin create -pid 2 -ch None -f ../app/aucore/products/aa-limited-overage.json
python3 onboard_tenant.py --host https://localhost --user admin --password admin create -pid 3 -ch None -f ../app/aucore/products/ig-aa-addon.json
python3 onboard_tenant.py --host https://localhost --user admin --password admin create -pids 1,2,3 -cids c1,c2,c3 -tn FROGGY -td "Froggy Tenant" -tp admin -te=fakeadmin@froggy.com
( { 'results': [ { 'admin': { 'id': 'ddb37d7d4cf43586abaa911e9a44fb80',
'last_fail_at': None,
'loginame': 'fakeadmin@froggy.com',
'obj_id': '5de91d34ddd811eba5e00242ac110004',
'repo_id': '5dde8414ddd811eba5e00242ac110004',
'repo_name': 'LOCAL',
'user_name': 'LOCAL\\fakeadmin@froggy.com'},
'chains': [ {'id': '5dc63f30ddd811eba5e00242ac110004', 'methods': ['LDAP_PASSWORD:1'], 'name': 'LDAP Password Only'},
{'id': '5dc418f4ddd811eba5e00242ac110004', 'methods': ['PASSWORD:1'], 'name': 'Password Only'}],
'customer': { 'billing': {'dimensions': ['user_month'], 'history': [{'user_month': []}]},
'external_customer_id': 'c1',
'external_product_id': '1',
'id': '5de10b1cddd811eba5e00242ac110004',
'product_id': 'b3ebcb3addb211eb98800242ac110004',
'state': 'subscribe',
'tenant_id': '5daafd56ddd811eba5e00242ac110004',
'tenant_name': 'FROGGY'},
'domains': ['froggy.com'],
'product': { 'data': { 'billing': {'dimensions': ['user_month']},
'description': { 'fulldesc': 'Adaptive Authentication Limited Active User Entitled Monthly Subscription SaaS',
'fulldescid': 'SA-AB805',
'name': 'AA Limited',
'nameid': 'SA-AB805'},
'licenses': [ { 'restricts': [ { 'methods': { 'EMAIL_OTP:1': {},
'EMERG_PASSWORD:1': {},
'HOTP:1': {},
'LDAP_PASSWORD:1': {},
'PASSWORD:1': {},
'RADIUS:1': {},
'SMS_OTP:1': {},
'TOTP:1': {}},
'type': 'limited'}]}]},
'external_product_id': '1',
'id': 'b3ebcb3addb211eb98800242ac110004',
'notification_channel': 'None'},
'tenant': { 'desc': 'Froggy Tenant',
'disabled': False,
'expired_warning': False,
'id': '5daafd56ddd811eba5e00242ac110004',
'license_min': '9999-12-31T00:00:00.0',
'name': 'FROGGY',
'repo_count': 1}},
{ 'admin': { 'id': '79450d085a98148221e7b1a03468397a',
'last_fail_at': None,
'loginame': 'ADMIN',
'obj_id': '4ece8bf2db5011eb89260242ac110004',
'repo_id': '4ecc8690db5011eb89260242ac110004',
'repo_name': 'LOCAL',
'user_name': 'LOCAL\\ADMIN'},
'chains': [ {'id': '5dc63f30ddd811eba5e00242ac110004', 'methods': ['LDAP_PASSWORD:1'], 'name': 'LDAP Password Only'},
{'id': '5dc418f4ddd811eba5e00242ac110004', 'methods': ['PASSWORD:1'], 'name': 'Password Only'}],
'customer': { 'billing': {'dimensions': ['user_month'], 'history': [{'user_month': []}]},
'external_customer_id': 'c2',
'external_product_id': '2',
'id': '5e5acf42ddd811eba5e00242ac110004',
'product_id': 'b41f0392ddb211eb98800242ac110004',
'state': 'subscribe',
'tenant_id': '5daafd56ddd811eba5e00242ac110004',
'tenant_name': 'FROGGY'},
'domains': ['froggy.com'],
'product': { 'data': { 'description': { 'fulldesc': 'Adaptive Authentication Limited Active User Overage Monthly Subscription SaaS',
'fulldescid': 'SA-AB806',
'name': 'AA Limited Overage',
'nameid': 'SA-AB806'}},
'external_product_id': '2',
'id': 'b41f0392ddb211eb98800242ac110004',
'notification_channel': 'None'},
'tenant': { 'desc': 'Froggy Tenant',
'disabled': False,
'expired_warning': False,
'id': '5daafd56ddd811eba5e00242ac110004',
'license_min': '9999-12-31T00:00:00.0',
'name': 'FROGGY',
'repo_count': 1}},
{ 'admin': { 'id': '79450d085a98148221e7b1a03468397a',
'last_fail_at': None,
'loginame': 'ADMIN',
'obj_id': '4ece8bf2db5011eb89260242ac110004',
'repo_id': '4ecc8690db5011eb89260242ac110004',
'repo_name': 'LOCAL',
'user_name': 'LOCAL\\ADMIN'},
'bearer_token': 'eyJhbGciOiJkaXIiLCJhdWQiOiJ0cyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJpc3MiOiJ0cyIsInRlbiI6IjVkYWFmZDU2ZGRkODExZWJhNWUwMDI0MmFjMTEwMDA0In0..XqkAl0siA_70szbBKTFkGA.WxDs-b3sqekZ328UdgcHQGqEQ6-2xCuytcR4o21IL3oGnBkt7NfNifTD1AL1Q-cYSdp8b_Rb_WIDIay_j9PvBYaFnf0Gf99tkTwG9BkouYOiMGNeKJ3wgv-5TH5TLRfm6DsVRkdIUdSRFuREtAkldlmw-zNZXTgknLhxutO4xU3t1TVcwOCYfqs2qNimHPTH9eAOq-QZlwe0XivwGPeqxg2oE1_d_W7QUgIT5kXleBNXVV9DxHrG19eINDzaz0MRgkn6zgOV1gx2kBS1F1ScLoheqzOg1ooNaBctEe8-dOfaE9R6H6bCDoSI4pZ0hO2yUTQd8lYydoLSt7dBiq0VXC-xO5eUDL-xQ3aY42gJDsXsBFGaNnomnc4VFQMtSB2t.TIxPCYHhGv_hKC5iFurTxA',
'chains': [ {'id': '5dc63f30ddd811eba5e00242ac110004', 'methods': ['LDAP_PASSWORD:1'], 'name': 'LDAP Password Only'},
{'id': '5dc418f4ddd811eba5e00242ac110004', 'methods': ['PASSWORD:1'], 'name': 'Password Only'}],
'customer': { 'billing': {'dimensions': ['user_month'], 'history': [{'user_month': []}]},
'external_customer_id': 'c3',
'external_product_id': '3',
'id': '5eacc84cddd811eba5e00242ac110004',
'product_id': 'b453f462ddb211eb98800242ac110004',
'state': 'subscribe',
'tenant_id': '5daafd56ddd811eba5e00242ac110004',
'tenant_name': 'FROGGY'},
'domains': ['froggy.com'],
'product': { 'data': { 'description': { 'fulldesc': 'Identitiy Governance Integration with Advanced Authentication',
'fulldescid': 'IG-AA-Integration',
'name': 'IG-AA',
'nameid': 'IG-AA-Integration'},
'onboarding_actions': {'issue_token': True, 'scim_repo_create_name': 'ig_bootstraping'}},
'external_product_id': '3',
'id': 'b453f462ddb211eb98800242ac110004',
'notification_channel': 'None'},
'scim_repo': { 'bearer_token': 'eyJhbGciOiJkaXIiLCJhdWQiOiJ0cyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJpc3MiOiJ0cyIsInRlbiI6IjVkYWFmZDU2ZGRkODExZWJhNWUwMDI0MmFjMTEwMDA0In0..pqXpckYrIrJJ7zbBzKgs8w.TCfEBoPeH0peCUrI0lUDp8lfCe-BbtG9M_feVyYdEgZ9qPsRNXjrT24xc0nK6NHSpqjaAuZjTAYF6Kd6xEsZM_19LYr_v2hjWxkCwRpJ3KWjDTlEFZo7e_nGnLG9QaQ8ZX3ByRkFYJjL4WaY0lINhff_JXw8TbxcXlUeIJpxz00LBIs2prxBpAaKwW3_j-vqhaLPs5bAjbfZ7Ug61pMdUAnKqGbYnhOnk2jkV1iMdt7_8foJ61olzNV4IIeGM1pBCWjkUM5zEUaCFnLyPmEch_tlEGxa5K3RIcNHO_XqAI-KJBRXPgFmmZ6AT-F4n7tJ2-lSUSsN4o6y-uaYdGR0ccEXIECjENDjiquN-zD9_Q9Hei94YRrMtqK013yF_2y4wORO-p_jZBJCRKZmvzHWPJCXIj_OfBOweL61vhy5v-Y.xPj5oFI6wVcJlfjDHq3x8w',
'name': 'ig_bootstraping'},
'tenant': { 'desc': 'Froggy Tenant',
'disabled': False,
'expired_warning': False,
'id': '5daafd56ddd811eba5e00242ac110004',
'license_min': '9999-12-31T00:00:00.0',
'name': 'FROGGY',
'repo_count': 1}}]},)
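The onboarding output above carries bearer tokens (`bearer_token` and `scim_repo.bearer_token`), so any log or ticket that captures it also captures credentials. The following is an added example, not part of the product's scripts: it masks tokens of that five-part shape before the output is stored and keeps only the `enc` and `ten` fields from the token's unencrypted first segment. The function names and the sample token are constructed for illustration.

```python
import base64
import json
import re

# Compact five-part token as it appears in the sample output:
# header..iv.ciphertext.tag (second part is empty because the header says "alg": "dir").
TOKEN_RE = re.compile(r"eyJ[\w-]+\.[\w-]*\.[\w-]+\.[\w-]+\.[\w-]+")


def protected_header(token):
    """Decode the first segment, which is base64url JSON and is not encrypted."""
    segment = token.split(".", 1)[0]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def redact_tokens(text):
    """Mask every token in text, keeping only non-secret header fields."""
    def mask(match):
        try:
            header = protected_header(match.group(0))
        except ValueError:  # looked like a token but is not base64url JSON
            return "<redacted-token>"
        return "<redacted-token enc={} ten={}>".format(
            header.get("enc"), header.get("ten"))
    return TOKEN_RE.sub(mask, text)


def make_sample_token(tenant_id):
    """Build a constructed, non-functional token with the same outer shape."""
    header = {"alg": "dir", "enc": "A128CBC-HS256", "ten": tenant_id}
    first = base64.urlsafe_b64encode(json.dumps(header).encode())
    first = first.rstrip(b"=").decode()
    return first + "..c2FtcGxlLWl2.c2FtcGxlLWNpcGhlcnRleHQ.c2FtcGxlLXRhZw"


SAMPLE_TENANT = "00000000000000000000000000000000"  # constructed tenant id
SAMPLE_OUTPUT = (  # constructed excerpt shaped like the script output
    "{'scim_repo': {'bearer_token': '%s',\n"
    "               'name': 'ig_bootstraping'}}" % make_sample_token(SAMPLE_TENANT)
)

if __name__ == "__main__":
    print(redact_tokens(SAMPLE_OUTPUT))
```

Because the first segment is readable without any key, the tenant id stays visible to anyone who sees a token; the redacted form keeps it only so that log entries remain attributable to a tenant.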
AA show all customers and products associated with a tenant:
AA show all customers and products associated with a tenant: GET /api/v1/saastenant
AA new tenant onboarding:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe',
'tenant_name': 'Tenant43',
'tenant_desc': 'Tenant 43 description',
'tenant_admin_password': '1234567890Ab',
'tenant_admin_email': 'admin@frog.com',
'tenant_admin_mobile': '+18018615555',
'associations': [{'external_product_id': 'original', 'external_customer_id': 'internal:original:1'}]
}
Headers
Content-Type: application/json
Body
{
'results': [
{
'admin':
{
'id': '633196a3a49269609003fe3ef2270c9a',
'last_fail_at': None,
'loginame': 'froggy@1.frog.com',
'obj_id': 'e5308514de7b11ea87b10242ac110004',
'repo_id': 'e517bc5ade7b11ea87b10242ac110004',
'repo_name': 'LOCAL',
'user_name': 'LOCAL\\froggy@1.frog.com'
},
'customer':
{
'external_customer_id': '1',
'external_product_id': 'trial',
'id': 'e517f058de7b11ea87b10242ac110004',
'product_id': '81d4a014de4d11eab9570242ac110004',
'state': 'subscribe',
'tenant_id': 'e502a1b2de7b11ea87b10242ac110004',
'tenant_name': '1FROG'
},
'domains':
['1.frog.com'],
'product':
{
'data':
{
'description':
{
'fulldesc': 'Allows total of 50 users to access all Advanced Authentication functionality for 45 days',
'fulldescid': 'trial-fulldesc-id',
'name': 'Trial AA License (50 users, 45 days)',
'nameid': 'trial-name-id'
},
'licenses':
[
{
'days': 45,
'restricts':
[
{
'type': 'risk_service'
},
{
'type': 'trial',
'users': 50
}
]
}
]
},
'external_product_id': 'trial',
'id': '81d4a014de4d11eab9570242ac110004',
'notification_channel': 'rad'
},
'tenant':
{
'desc': 'test desc',
'expired_warning': False,
'id': 'e502a1b2de7b11ea87b10242ac110004',
'license_min': '9999-12-31T00:00:00.0',
'name': '1frog',
'repo_count': 1
}
}
]
}
AA new tenant onboarding: POST /api/v1/saastenant
Create a new tenant, create admin user, associate products, run any policy/license updates, and perform onboarding actions.
Can also be used to finish new tenant onboarding started via the AWS Marketplace flow. In this case, instead of passing associations, the caller should pass the state from the marketplace flow.
Associate existing tenant with additional SaaS product:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe',
'tenant_name': 'Tenant43',
'associations': [{'external_product_id': 'original', 'external_customer_id': 'internal:original:1'}]
}
Headers
Content-Type: application/json
Body
{
'results': [
{
'admin':
{
'id': '633196a3a49269609003fe3ef2270c9a',
'last_fail_at': None,
'loginame': 'froggy@1.frog.com',
'obj_id': 'e5308514de7b11ea87b10242ac110004',
'repo_id': 'e517bc5ade7b11ea87b10242ac110004',
'repo_name': 'LOCAL',
'user_name': 'LOCAL\\froggy@1.frog.com'
},
'customer':
{
'external_customer_id': '1',
'external_product_id': 'trial',
'id': 'e517f058de7b11ea87b10242ac110004',
'product_id': '81d4a014de4d11eab9570242ac110004',
'state': 'subscribe',
'tenant_id': 'e502a1b2de7b11ea87b10242ac110004',
'tenant_name': '1FROG'
},
'domains':
['1.frog.com'],
'product':
{
'data':
{
'description':
{
'fulldesc': 'Allows total of 50 users to access all Advanced Authentication functionality for 45 days',
'fulldescid': 'trial-fulldesc-id',
'name': 'Trial AA License (50 users, 45 days)',
'nameid': 'trial-name-id'
},
'licenses':
[
{
'days': 45,
'restricts':
[
{
'type': 'risk_service'
},
{
'type': 'trial',
'users': 50
}
]
}
]
},
'external_product_id': 'trial',
'id': '81d4a014de4d11eab9570242ac110004',
'notification_channel': 'rad'
},
'tenant':
{
'desc': 'test desc',
'expired_warning': False,
'id': 'e502a1b2de7b11ea87b10242ac110004',
'license_min': '9999-12-31T00:00:00.0',
'name': '1frog',
'repo_count': 1
}
}
]
}
[GET /api/v1/awsonboard]
Start AA tenant onboarding flow - AWS Marketplace:
Headers
Content-Type: application/json
Body
{
"x-amzn-marketplace-token": "token value"
}
Headers
Content-Type: application/json
Location: /nexturl?sate=xxxxxxxxxxxxxxx
Start AA tenant onboarding flow - AWS Marketplace: POST /api/v1/awsonboard
For use by AWS Marketplace only. For the AWS description see onboarding. The non-AWS version of this call is GET.
SaaS Management
Return a list of all currently configured SaaS Products:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe'
}
Headers
Content-Type: application/json
Body
{
'products':
[
{
'data':
{
'description':
{
'fulldesc': 'Allows total of 50 users to access all Advanced Authentication functionality for 45 days',
'fulldescid': 'trial-fulldesc-id',
'name': 'Trial AA License (50 users, 45 days)',
'nameid': 'trial-name-id'
},
'licenses':
[
{
'days': 45,
'restricts':
[
{
'type': 'risk_service'
},
{
'type': 'trial',
'users': 50
}
]
}
]
},
'external_product_id': 'trial',
'id': '81d4a014de4d11eab9570242ac110004',
'notification_channel': 'rad'
}
]
}
Return a list of all currently configured SaaS Products: POST /api/v1/saasproductlist
Update a SaaS Product definition:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe',
'external_product_id': 'trial-changed',
'notification_channel': 'rad-changed'
}
Headers
Content-Type: application/json
Body
{
'id': '123456789999',
'external_product_id': 'trial-changed',
'notification_channel': 'rad-changed',
'data':
{
'description':
{
'fulldesc': 'Allows total of 50 users to access all Advanced Authentication functionality for 45 days',
'fulldescid': 'trial-fulldesc-id',
'name': 'Trial AA License (50 users, 45 days)',
'nameid': 'trial-name-id'
},
'licenses':
[
{
'days': 45,
'restricts':
[
{
'type': 'risk_service'
},
{
'type': 'trial',
'users': 50
}
]
}
]
}
}
Update a SaaS Product definition: PUT /api/v1/saasproduct/{product_id}
Pass in the fields to be updated in the product definition; the updated product will be returned.
- product_id
string
(required) Example: 1234567890
Delete a Product definition:
Headers
Content-Type: application/json
Body
{}
Headers
Content-Type: application/json
Body
{}
Delete a Product definition: DELETE /api/v1/saasproduct/{product_id}?login_session_id=xx
- product_id
string
(required) Example: 1234567890
- login_session_id
string
(required) Example: LRvql8GD946V7ryN8fesWBLhN1I7dpEe
ID of the login session
Return a list of all currently configured SaaS Customers:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe'
}
Headers
Content-Type: application/json
Body
{
'customers':
[
{
'external_customer_id': '1',
'external_product_id': 'trial',
'id': 'e517f058de7b11ea87b10242ac110004',
'product_id': '81d4a014de4d11eab9570242ac110004',
'state': 'subscribe',
'tenant_id': 'e502a1b2de7b11ea87b10242ac110004',
'tenant_name': '1FROG'
}
]
}
Return a list of all currently configured SaaS Customers: POST /api/v1/saascustomerlist
Update a SaaS Customer:
Headers
Content-Type: application/json
Body
{
'login_session_id': 'LRvql8GD946V7ryN8fesWBLhN1I7dpEe',
'external_product_id': 'trial-changed',
'external_customer_id': 'rad-changed',
'state':
}
Headers
Content-Type: application/json
Body
{
'external_customer_id': '1',
'external_product_id': 'trial',
'id': 'e517f058de7b11ea87b10242ac110004',
'product_id': '81d4a014de4d11eab9570242ac110004',
'state': 'subscribe',
'tenant_id': 'e502a1b2de7b11ea87b10242ac110004',
'tenant_name': '1FROG'
}
Update a SaaS Customer: PUT /api/v1/saascustomer/{customer_id}
Pass in the fields to be updated; the updated customer will be returned. Either external_product_id or state must be passed. Valid states: ‘subscribe’, ‘enabled’, ‘unsubscribe-pending’, ‘disabled’. To remove a customer association set the state to unsubscribe-pending, not disabled. This allows for final processing of any reports or billing information.
- customer_id
string
(required) Example: 1234567890
Delete a customer definition:
Headers
Content-Type: application/json
Body
{}
Headers
Content-Type: application/json
Body
{}
Delete a customer definition: DELETE /api/v1/saascustomer/{customer_id}?login_session_id=xx
- customer_id
string
(required) Example: 1234567890
- login_session_id
string
(required) Example: LRvql8GD946V7ryN8fesWBLhN1I7dpEe
ID of the login session
Configure required Cloudbridge data:
Headers
Content-Type: application/json
Body
{
"login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
"docker_image_download": "",
"docker_image_name": "",
"agents":
[
{"agent file as delivered from the COE"}
]
}
Headers
Content-Type: application/json
Body
{
null
}
Configure required Cloudbridge data: PUT /api/v1/saascloudbridge/{tenant_id}
- tenant_id
string
(required) Example: 23456788
Tenant name or ID
Read and update tenant domains
Read and update logon domains associated with this tenant
Register logon domains for the current tenant:
Headers
Content-Type: application/json
Body
{
"login_session_id": "B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o",
"domains": [
{
"name": "test.com"
},
{
"name": "example.com"
}
]
}
Headers
Content-Type: application/json
Body
{
"domains": [
{
"name": "foo.example.com"
},
{
"name": "bar.example.com"
}
]
}
Register logon domains for the current tenant: PUT /api/v1/logondomains
Replaces any existing logon domains with the passed domains
Logon domains lookup:
Headers
Content-Type: application/json
Body
{
"login_session_id": "JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX"
}
Headers
Content-Type: application/json
Body
{
"domains": [
{
"name": "foo.example.com"
},
{
"name": "bar.example.com"
}
]
}
Logon domains lookup: POST /api/v1/logondomains/get
Reads any existing logon domains
API Tokens
API tokens are long-lived tokens for use by services; not all APIs currently support token-based access. The token is passed as a bearer token to the API in an Authorization header. The APIs in this section accept either a login_session_id or a bearer token as authentication.
Read information about an existing token:
Headers
Content-Type: application/json
Body
{
'bearer_token': 'eyJhbGciOiJkaXIiLCJhdWQiOiJ0cyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJpc3MiOiJ0cyIsInRlbiI6ImRlZjBkZWYwZGVmMGRlZjBkZWYwZGVmMGRlZjBkZWYwIn0..3gUu7fbR7Qfl_BbyeQ71PQ.t_wFI-NWhiFTPB9IYVH5RXyIzhjtIRNwhBnyU1yhacppvuZcuCYYSnlVbPSU-ZQGlwz-ooZKFEkQZwJnYCPU54Vs7qTrsAXIt5zMdGV7XHzf0Arqev-Oa7O3Nq0yHP_1v84YUL_WkrAqLuQ1zleU5ySvQUHjB8MPt58r24zBhPBQChcza4XeZcOIiLTrRqDPnXCT-rucyp7Bs9XtGsROIqEv5HP8yGBrq_Z6mN_8CQQrBtEwrMl_RvowLorfioYzEqJkCrZe_yw50wItiAyM3iSpOJ_gRTtCtyL3aUbxSIp7TKQGYE4IGwBBCdI1nq0xYRFGFSMOPlaimokfAzlVsA.MO0ONkAqVS084E4mxjTLqg',
'details': {
'guid': '2ac6e4195cfb0ff83e55a0518e69d7d56e9ffcab',
'created': '2021-11-04T14:01:21.278973',
'revoked': None,
'expired_after': '2022-11-05T14:01:21.276665',
'scopes': []
}
}
Read information about an existing token: GET /api/v1/accesstoken/
Returns information about a previously issued token. Authorization may be accomplished via login_session_id or bearer token.
- login_session_id
string
(optional) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
ID of the login session
Revoke an existing token:
Headers
Authorization: 'Bearer:xyz' (optional, string) The token passed in the authorization header is revoked.
Revoke an existing token: DELETE /api/v1/accesstoken/{token_guid}
The token identified by {token_guid} is revoked. Authorization may be accomplished via login_session_id or bearer token.
- login_session_id
string
(optional) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
ID of the login session
Renew an existing token:
Headers
Authorization: 'Bearer:xyz' (required, string) The token passed in the authorization header is revoked.
Headers
Content-Type: application/json
Body
{
'bearer_token': 'eyJhbGciOiJkaXIiLCJhdWQiOiJ0cyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJpc3MiOiJ0cyIsInRlbiI6ImRlZjBkZWYwZGVmMGRlZjBkZWYwZGVmMGRlZjBkZWYwIn0..3gUu7fbR7Qfl_BbyeQ71PQ.t_wFI-NWhiFTPB9IYVH5RXyIzhjtIRNwhBnyU1yhacppvuZcuCYYSnlVbPSU-ZQGlwz-ooZKFEkQZwJnYCPU54Vs7qTrsAXIt5zMdGV7XHzf0Arqev-Oa7O3Nq0yHP_1v84YUL_WkrAqLuQ1zleU5ySvQUHjB8MPt58r24zBhPBQChcza4XeZcOIiLTrRqDPnXCT-rucyp7Bs9XtGsROIqEv5HP8yGBrq_Z6mN_8CQQrBtEwrMl_RvowLorfioYzEqJkCrZe_yw50wItiAyM3iSpOJ_gRTtCtyL3aUbxSIp7TKQGYE4IGwBBCdI1nq0xYRFGFSMOPlaimokfAzlVsA.MO0ONkAqVS084E4mxjTLqg',
'details': {
'guid': '2ac6e4195cfb0ff83e55a0518e69d7d56e9ffcab',
'created': '2021-11-04T14:01:21.278973',
'revoked': None,
'expired_after': '2022-11-05T14:01:21.276665',
'scopes': []
}
}
Renew an existing token: POST /api/v1/accesstokenrefresh
The claims, scope, and ttl are preserved from the original token issuance. After renewing the token the old token is revoked.
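Because these tokens are long lived and renewal revokes the old token, a service that holds one needs to know where each token is in its lifecycle before it fails. The following is an added example, not part of the product's scripts: it classifies the `details` object returned by the token-information call and orders a token inventory by urgency. It assumes that any non-null `revoked` value means the token is revoked and that `now` is expressed in the same timezone as the server's timestamps; the function names, the 30-day renewal window and the lifetime limit are illustrative choices.

```python
from datetime import datetime, timedelta

# 'details' object copied from the token-information response on this page.
SAMPLE_DETAILS = {
    "guid": "2ac6e4195cfb0ff83e55a0518e69d7d56e9ffcab",
    "created": "2021-11-04T14:01:21.278973",
    "revoked": None,
    "expired_after": "2022-11-05T14:01:21.276665",
    "scopes": [],
}


def token_status(details, now, renew_window=timedelta(days=30)):
    """Classify one token as 'revoked', 'expired', 'renew' or 'ok'."""
    if details.get("revoked"):  # assumption: any non-null value means revoked
        return "revoked"
    expires = datetime.fromisoformat(details["expired_after"])
    if now >= expires:
        return "expired"
    if expires - now <= renew_window:
        return "renew"  # candidate for POST /api/v1/accesstokenrefresh
    return "ok"


def audit_tokens(all_details, now, max_lifetime_days=366):
    """Return one finding per token, most urgent first."""
    urgency = {"expired": 0, "renew": 1, "revoked": 2, "ok": 3}
    findings = []
    for details in all_details:
        created = datetime.fromisoformat(details["created"])
        expires = datetime.fromisoformat(details["expired_after"])
        lifetime_days = (expires - created).days
        notes = []
        if lifetime_days > max_lifetime_days:
            notes.append("lifetime exceeds policy")
        if not details.get("scopes"):
            # Recorded so a reviewer can confirm what an empty list grants.
            notes.append("no scopes listed")
        findings.append({
            "guid": details["guid"],
            "status": token_status(details, now),
            "lifetime_days": lifetime_days,
            "notes": notes,
        })
    findings.sort(key=lambda finding: urgency[finding["status"]])
    return findings


if __name__ == "__main__":
    for finding in audit_tokens([SAMPLE_DETAILS], datetime(2022, 10, 20)):
        print(finding)
```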
Generated by aglio on 02 Jun 2022