Class: AWS.SSO
- Inherits:
-
AWS.Service
- Object
- AWS.Service
- AWS.SSO
- Identifier:
- sso
- API Version:
- 2019-06-10
- Defined in:
- (unknown)
Overview
Constructs a service interface object. Each API operation is exposed as a function on service.
Service Description
Amazon Web Services Single Sign On Portal is a web service that makes it easy for you to assign user access to Amazon Web Services SSO resources such as the AWS access portal. Users can get Amazon Web Services account applications and roles assigned to them and get federated into the application.
sso
and identitystore
API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see Amazon Web Services SSO rename. This reference guide describes the Amazon Web Services SSO Portal operations that you can call programatically and includes detailed information on data types and errors.
Sending a Request Using SSO
var sso = new AWS.SSO();
sso.getRoleCredentials(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Locking the API Version
In order to ensure that the SSO object uses this specific API, you can
construct the object by passing the apiVersion
option to the constructor:
var sso = new AWS.SSO({apiVersion: '2019-06-10'});
You can also set the API version globally in AWS.config.apiVersions
using
the sso service identifier:
AWS.config.apiVersions = {
sso: '2019-06-10',
// other service API versions
};
var sso = new AWS.SSO();
Constructor Summary collapse
-
new AWS.SSO(options = {}) ⇒ Object
constructor
Constructs a service object.
Property Summary collapse
-
endpoint ⇒ AWS.Endpoint
readwrite
An Endpoint object representing the endpoint URL for service requests.
Properties inherited from AWS.Service
Method Summary collapse
-
getRoleCredentials(params = {}, callback) ⇒ AWS.Request
Returns the STS short-term credentials for a given role name that is assigned to the user.
.
-
listAccountRoles(params = {}, callback) ⇒ AWS.Request
Lists all roles that are assigned to the user for a given Amazon Web Services account.
.
-
listAccounts(params = {}, callback) ⇒ AWS.Request
Lists all Amazon Web Services accounts assigned to the user.
-
logout(params = {}, callback) ⇒ AWS.Request
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the Amazon Web Services SSO service to invalidate the corresponding server-side Amazon Web Services SSO sign in session.
Note: If a user uses Amazon Web Services SSO to access the AWS CLI, the user’s Amazon Web Services SSO sign in session is used to obtain an IAM session, as specified in the corresponding Amazon Web Services SSO permission set.Methods inherited from AWS.Service
makeRequest, makeUnauthenticatedRequest, waitFor, setupRequestListeners, defineService
Constructor Details
new AWS.SSO(options = {}) ⇒ Object
Constructs a service object. This object has one method for each API operation.
Property Details
Method Details
getRoleCredentials(params = {}, callback) ⇒ AWS.Request
Returns the STS short-term credentials for a given role name that is assigned to the user.
listAccountRoles(params = {}, callback) ⇒ AWS.Request
Lists all roles that are assigned to the user for a given Amazon Web Services account.
listAccounts(params = {}, callback) ⇒ AWS.Request
Lists all Amazon Web Services accounts assigned to the user. These Amazon Web Services accounts are assigned by the administrator of the account. For more information, see Assign User Access in the Amazon Web Services SSO User Guide. This operation returns a paginated response.
logout(params = {}, callback) ⇒ AWS.Request
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the Amazon Web Services SSO service to invalidate the corresponding server-side Amazon Web Services SSO sign in session.
Note: If a user uses Amazon Web Services SSO to access the AWS CLI, the user’s Amazon Web Services SSO sign in session is used to obtain an IAM session, as specified in the corresponding Amazon Web Services SSO permission set. More specifically, Amazon Web Services SSO assumes an IAM role in the target account on behalf of the user, and the corresponding temporary Amazon Web Services credentials are returned to the client. After user logout, any existing IAM role sessions that were created by using Amazon Web Services SSO permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the Amazon Web Services SSO User Guide.