UpdateWorkspaceAuthentication
Use this operation to define the identity provider (IdP) that this workspace authenticates users from, using SAML. You can also map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.
Note
Changes to the authentication method for a workspace may take a few minutes to take effect.
Request Syntax
POST /workspaces/workspaceId/authentication HTTP/1.1
Content-type: application/json
{
"authenticationProviders": [ "string" ],
"samlConfiguration": {
"allowedOrganizations": [ "string" ],
"assertionAttributes": {
"email": "string",
"groups": "string",
"login": "string",
"name": "string",
"org": "string",
"role": "string"
},
"idpMetadata": { ... },
"loginValidityDuration": number,
"roleValues": {
"admin": [ "string" ],
"editor": [ "string" ]
}
}
}
URI Request Parameters
The request uses the following URI parameters.
- workspaceId
The ID of the workspace to update the authentication for.
Pattern: ^g-[0-9a-f]{10}$
Required: Yes
Request Body
The request accepts the following data in JSON format.
- authenticationProviders
Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
Type: Array of strings
Valid Values: AWS_SSO | SAML
Required: Yes
- samlConfiguration
If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.
Type: SamlConfiguration object
Required: No
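A pre-flight check for this request, as an added example (not part of the AWS reference or any AWS SDK): it enforces the workspaceId pattern, the valid provider values and the key names from the request syntax above before a change is submitted. The function names, the sample values and the two findings marked "local policy" are assumptions of this example, not documented service behavior.

```python
import json
import re

# Constraints copied from this page's reference text.
WORKSPACE_ID_RE = re.compile(r"^g-[0-9a-f]{10}$")
VALID_PROVIDERS = {"AWS_SSO", "SAML"}
SAML_KEYS = {"allowedOrganizations", "assertionAttributes", "idpMetadata",
             "loginValidityDuration", "roleValues"}
ATTRIBUTE_KEYS = {"email", "groups", "login", "name", "org", "role"}
ROLE_KEYS = {"admin", "editor"}

def check_request(workspace_id, body):
    """Return a list of findings; an empty list means the request passes."""
    findings = []
    # fullmatch, because "$" under re.match also accepts a trailing newline.
    if not WORKSPACE_ID_RE.fullmatch(workspace_id):
        findings.append("workspaceId does not match ^g-[0-9a-f]{10}$")
    providers = body.get("authenticationProviders")
    if not isinstance(providers, list) or not providers:
        findings.append("authenticationProviders is required")
        providers = []
    for p in providers:
        if not isinstance(p, str) or p not in VALID_PROVIDERS:
            findings.append(f"invalid provider: {p!r}")
    saml = body.get("samlConfiguration")
    if "SAML" in providers and not isinstance(saml, dict):
        findings.append("SAML listed without samlConfiguration")  # local policy
    if isinstance(saml, dict):
        roles = saml.get("roleValues") or {}
        for section, allowed in ((saml, SAML_KEYS),
                                 (saml.get("assertionAttributes") or {}, ATTRIBUTE_KEYS),
                                 (roles, ROLE_KEYS)):
            for key in sorted(set(section) - allowed):
                findings.append(f"unknown key: {key!r}")
        if not roles.get("admin"):
            findings.append("no group mapped to Admin")  # local policy
    return findings

def build_request(workspace_id, body):
    """Return (request line, JSON body), or raise if any check fails."""
    findings = check_request(workspace_id, body)
    if findings:
        raise ValueError("; ".join(findings))
    return (f"POST /workspaces/{workspace_id}/authentication HTTP/1.1",
            json.dumps(body, sort_keys=True))

# Constructed sample body; the attribute and group names are made up.
SAMPLE = {"authenticationProviders": ["SAML"], "samlConfiguration": {
    "assertionAttributes": {"role": "grafanaRole"}, "roleValues": {"admin": ["grafana-admins"]}}}
```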
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"authentication": {
"awsSso": {
"ssoClientId": "string"
},
"providers": [ "string" ],
"saml": {
"configuration": {
"allowedOrganizations": [ "string" ],
"assertionAttributes": {
"email": "string",
"groups": "string",
"login": "string",
"name": "string",
"org": "string",
"role": "string"
},
"idpMetadata": { ... },
"loginValidityDuration": number,
"roleValues": {
"admin": [ "string" ],
"editor": [ "string" ]
}
},
"status": "string"
}
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- authentication
A structure that describes the user authentication for this workspace after the update is made.
Type: AuthenticationDescription object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
You do not have sufficient permissions to perform this action.
HTTP Status Code: 403
- ConflictException
A resource was in an inconsistent state during an update or a deletion.
HTTP Status Code: 409
- InternalServerException
Unexpected error while processing the request. Retry the request.
HTTP Status Code: 500
- ResourceNotFoundException
The request references a resource that does not exist.
HTTP Status Code: 404
- ThrottlingException
The request was denied because of request throttling. Retry the request.
HTTP Status Code: 429
- ValidationException
The value of a parameter in the request caused an error.
HTTP Status Code: 400