UpdateWorkspaceAuthentication
Use this operation to define the identity provider (IdP) that this workspace
authenticates users from, using SAML. You can also map SAML assertion attributes to
workspace user information and define which groups in the assertion attribute are to
have the Admin and Editor roles in the workspace.
Note
Changes to the authentication method for a workspace may take a few minutes to take effect.
Request Syntax
POST /workspaces/workspaceId/authentication HTTP/1.1
Content-type: application/json
{
"authenticationProviders": [ "string" ],
"samlConfiguration": {
"allowedOrganizations": [ "string" ],
"assertionAttributes": {
"email": "string",
"groups": "string",
"login": "string",
"name": "string",
"org": "string",
"role": "string"
},
"idpMetadata": { ... },
"loginValidityDuration": number,
"roleValues": {
"admin": [ "string" ],
"editor": [ "string" ]
}
}
}URI Request Parameters
The request uses the following URI parameters.
- workspaceId
-
The ID of the workspace to update the authentication for.
Pattern:
g-[0-9a-f]{10}Required: Yes
Request Body
The request accepts the following data in JSON format.
- authenticationProviders
-
Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
Type: Array of strings
Valid Values:
AWS_SSO | SAMLRequired: Yes
- samlConfiguration
-
If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the
AdminandEditorroles in the workspace.Type: SamlConfiguration object
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"authentication": {
"awsSso": {
"ssoClientId": "string"
},
"providers": [ "string" ],
"saml": {
"configuration": {
"allowedOrganizations": [ "string" ],
"assertionAttributes": {
"email": "string",
"groups": "string",
"login": "string",
"name": "string",
"org": "string",
"role": "string"
},
"idpMetadata": { ... },
"loginValidityDuration": number,
"roleValues": {
"admin": [ "string" ],
"editor": [ "string" ]
}
},
"status": "string"
}
}
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- authentication
-
A structure that describes the user authentication for this workspace after the update is made.
Type: AuthenticationDescription object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient permissions to perform this action.
HTTP Status Code: 403
- ConflictException
-
A resource was in an inconsistent state during an update or a deletion.
HTTP Status Code: 409
- InternalServerException
-
Unexpected error while processing the request. Retry the request.
HTTP Status Code: 500
- ResourceNotFoundException
-
The request references a resource that does not exist.
HTTP Status Code: 404
- ThrottlingException
-
The request was denied because of request throttling. Retry the request.
HTTP Status Code: 429
- ValidationException
-
The value of a parameter in the request caused an error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
