Request Syntax URI Request Parameters Request Body Response Syntax Response Elements Errors See Also

UpdateWorkspaceAuthentication

Use this operation to define the identity provider (IdP) that this workspace authenticates users from, using SAML. You can also map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

Note

Changes to the authentication method for a workspace may take a few minutes to take effect.

Request Syntax


POST /workspaces/workspaceId/authentication HTTP/1.1
Content-type: application/json

{
   "authenticationProviders": [ "string" ],
   "samlConfiguration": { 
      "allowedOrganizations": [ "string" ],
      "assertionAttributes": { 
         "email": "string",
         "groups": "string",
         "login": "string",
         "name": "string",
         "org": "string",
         "role": "string"
      },
      "idpMetadata": { ... },
      "loginValidityDuration": number,
      "roleValues": { 
         "admin": [ "string" ],
         "editor": [ "string" ]
      }
   }
}

URI Request Parameters

The request uses the following URI parameters.

workspaceId

The ID of the workspace to update the authentication for.

Pattern: g-[0-9a-f]{10}

Required: Yes

Request Body

The request accepts the following data in JSON format.

authenticationProviders

Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.

Type: Array of strings

Valid Values: AWS_SSO | SAML

Required: Yes

samlConfiguration

If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

Type: SamlConfiguration object

Required: No

Response Syntax


HTTP/1.1 200
Content-type: application/json

{
   "authentication": { 
      "awsSso": { 
         "ssoClientId": "string"
      },
      "providers": [ "string" ],
      "saml": { 
         "configuration": { 
            "allowedOrganizations": [ "string" ],
            "assertionAttributes": { 
               "email": "string",
               "groups": "string",
               "login": "string",
               "name": "string",
               "org": "string",
               "role": "string"
            },
            "idpMetadata": { ... },
            "loginValidityDuration": number,
            "roleValues": { 
               "admin": [ "string" ],
               "editor": [ "string" ]
            }
         },
         "status": "string"
      }
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

authentication

A structure that describes the user authentication for this workspace after the update is made.

Type: AuthenticationDescription object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient permissions to perform this action.

HTTP Status Code: 403

ConflictException

A resource was in an inconsistent state during an update or a deletion.

message: A description of the error.
resourceId: The ID of the resource that is associated with the error.
resourceType: The type of the resource that is associated with the error.

HTTP Status Code: 409

InternalServerException

Unexpected error while processing the request. Retry the request.

message: A description of the error.
retryAfterSeconds: How long to wait before you retry this operation.

HTTP Status Code: 500

ResourceNotFoundException

The request references a resource that does not exist.

message: The value of a parameter in the request caused an error.
resourceId: The ID of the resource that is associated with the error.
resourceType: The type of the resource that is associated with the error.

HTTP Status Code: 404

ThrottlingException

The request was denied because of request throttling. Retry the request.

message: A description of the error.
quotaCode: The ID of the service quota that was exceeded.
retryAfterSeconds: The value of a parameter in the request caused an error.
serviceCode: The ID of the service that is associated with the error.

HTTP Status Code: 429

ValidationException

The value of a parameter in the request caused an error.

fieldList: A list of fields that might be associated with the error.
message: A description of the error.
reason: The reason that the operation failed.

HTTP Status Code: 400