If your organization uses SAML single sign-on (SSO) for authentication and authorization, use the Orgs resource to map SAML roles and groups to Informatica Intelligent Cloud Services roles. You can also use the Orgs resource to get details about SAML role and group mappings for an organization.
You can map up to 200 SAML groups or roles to an Informatica Intelligent Cloud Services role. To find a list of Informatica Intelligent Cloud Services roles, you can use the Roles resource.
Before you map SAML groups and roles, ensure that the Map SAML Groups and Roles option is enabled in Administrator.
After you map SAML groups and roles to Informatica Intelligent Cloud Services roles, you cannot configure user roles or groups for SAML SSO users individually in Administrator or through the Informatica Intelligent Cloud Services REST API.
For more information about using SAML SSO, see User Administration in the Administrator help.
Adding SAML group mappings
Add SAML group mappings that map SAML groups to Informatica Intelligent Cloud Services roles.
Note: You cannot map a SAML group or role that contains one of the following characters in the name:
• Pipe ( | )
• Semicolon ( ; )
• Comma ( , )
PUT request
To add a mapping between an Informatica Intelligent Cloud Services role and SAML groups, use the following URI:
If you map a SAML group that doesn't exist in Informatica Intelligent Cloud Services, Informatica Intelligent Cloud Services creates the group. If a group with the same name exists in Informatica Intelligent Cloud Services, you can specify whether to reuse the group or create a new group. By default, Informatica Intelligent Cloud Services creates a new group with _EXT appended to the name.
Include the following information:
| Field | Type | Required | Description |
|---|---|---|---|
| groupMappings | Array | yes | Object that defines the Informatica Intelligent Cloud Services role and SAML group mappings. |
| roleName | String | yes | Include in the groupMappings object. Name of the Informatica Intelligent Cloud Services role. |
| samlGroupNames | String | yes | Include in the groupMappings object. Names of the SAML groups to map to the Informatica Intelligent Cloud Services role. |
| reuseGroup | Boolean | -- | Whether to use the existing Informatica Intelligent Cloud Services group if the group name is the same as the SAML group name. If false, Informatica Intelligent Cloud Services creates a new group. Default is false. |
Returns the 204 response code if successful. Returns an error object if errors occur.
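A pre-flight check for the rules above (forbidden characters, the 200-name limit, an explicit reuseGroup choice), as an added example that is not Informatica's code. It assumes samlGroupNames is sent as a JSON array and reuseGroup sits at the top level of the body; the function names are hypothetical.

```python
import json

FORBIDDEN = set("|;,")   # characters the page says a mapped name cannot contain
MAX_PER_ROLE = 200       # page limit: SAML groups or roles per role


def validate_group_mappings(mappings):
    """Return a list of problems; an empty list means every rule is met."""
    problems = []
    for role, groups in mappings.items():
        unique = set(groups)
        if not unique:
            problems.append(f"{role}: no SAML groups given")
        if len(unique) > MAX_PER_ROLE:
            problems.append(f"{role}: {len(unique)} groups exceeds {MAX_PER_ROLE}")
        for group in groups:
            bad = sorted(FORBIDDEN & set(group))
            if bad:
                problems.append(f"{role}: {group!r} contains forbidden {' '.join(bad)}")
    return problems


def build_group_mapping_body(mappings, reuse_group=False):
    """Build the PUT body, refusing input that fails validation."""
    problems = validate_group_mappings(mappings)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        # Assumed layout: one object per role, names as a JSON array.
        "groupMappings": [
            {"roleName": role, "samlGroupNames": sorted(set(groups))}
            for role, groups in mappings.items()
        ],
        # Sent explicitly so the reuse-or-create decision is visible in review.
        "reuseGroup": reuse_group,
    }


if __name__ == "__main__":
    wanted = {"Admin": ["Security", "Dev-Managers"], "Designer": ["Developers"]}
    print(json.dumps(build_group_mapping_body(wanted), indent=2))
```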
PUT examples
To map the Informatica Intelligent Cloud Services Admin role to the Security and Dev-Managers SAML groups, and map the Informatica Intelligent Cloud Services Designer role to the Developers SAML group, you might send a request similar to the following example:
To add another group mapping to map the Informatica Intelligent Cloud Services Admin role to the Administrators SAML group, you might send a request similar to the following example:
Object that defines the Informatica Intelligent Cloud Services role and SAML role mappings.
| Field | Type | Required | Description |
|---|---|---|---|
| roleName | String | yes | Include in the roleMappings object. Name of the Informatica Intelligent Cloud Services role. |
| samlRoleNames | List | yes | Include in the roleMappings object. Names of the SAML roles to map to the Informatica Intelligent Cloud Services role. |

Returns the 204 response code if successful. Returns an error object if errors occur.
PUT example
To map the Informatica Intelligent Cloud Services Developer role to the Data Designer and MS Deployer SAML roles, and map the Informatica Intelligent Cloud Services Admin role to the Operator SAML role, you might send a request similar to the following example:
Object that defines the Informatica Intelligent Cloud Services role and SAML group mappings.
| Field | Type | Required | Description |
|---|---|---|---|
| roleName | String | yes | Include in the groupMappings object. Name of the Informatica Intelligent Cloud Services role. |
| samlGroupNames | String | yes | Include in the groupMappings object. Names of the SAML groups to remove. |
PUT example
If you want to remove the mapping between the Informatica Intelligent Cloud Services Admin role and the Administrators SAML group, you might send a request similar to the following example:
Object that defines the Informatica Intelligent Cloud Services role and SAML role mapping.
| Field | Type | Required | Description |
|---|---|---|---|
| roleName | String | yes | Include in the roleMappings object. Name of the Informatica Intelligent Cloud Services role. |
| samlRoleNames | String | yes | Include in the roleMappings object. Names of the SAML roles to remove. |
PUT example
If you want to remove the mapping between the Informatica Intelligent Cloud Services Admin role and the Operator SAML role, you might send a request similar to the following example:
You can get the details for all the group mappings for an organization or use a filter to get group mapping details for a particular Informatica Intelligent Cloud Services role or SAML group.
GET request
To get details for group mappings, use the following URI:
You can get the details for all the role mappings for an organization or use a filter to get role mapping details for a particular Informatica Intelligent Cloud Services role or SAML role.
GET request
To get details for role mappings, use the following URI:
To get all the role mapping details for the organization, omit the query parameters.
To get details for a particular role or SAML role, you can include the following query parameters in the URI:
| Parameter | Type | Description |
|---|---|---|
| q | String | Query filter string. You can filter using one of the following fields: roleId, roleName, samlRoleNames. |
| limit | Int | Maximum number of mappings to return. Default is 200. |
| skip | Int | Number of mappings to skip in the results. For example, a value of 4 excludes the first four mappings. Default is 0. |
You can use the following fields to define the query filter:
| Field | Type | Operators | Description |
|---|---|---|---|
| roleId | String | == | ID of the Informatica Intelligent Cloud Services role. |
| roleName | String | == | Name of the Informatica Intelligent Cloud Services role. |
| samlRoleNames | String | == | Name of the SAML role. |
GET request example
To get the role mapping details for a particular Informatica Intelligent Cloud Services role ID, you might use the following request:
GET <baseApiUrl>/public/core/v3/Orgs/03kEYNeduIJkVv0Qvq8NgY/SAMLConfig/roleMappings?q=roleId=="94247429" HTTP/HTTP version
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <SessionId>
GET response
Returns the role mapping details. Returns an error if errors occur.
If the Map SAML Groups and Roles option is enabled but no mappings exist, the response is empty.
If successful, returns a count of the available role mappings and the following information for each role mapping:
| Field | Type | Description |
|---|---|---|
| count | String | Number of role mappings available. |
| roleMappings | - | Contains mapping information for each role mapping. |
| roleId | String | ID of the Informatica Intelligent Cloud Services role. |
| roleName | String | Name of the Informatica Intelligent Cloud Services role. |
| samlRoleNames | String | Names of the SAML roles. |
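One way to use these fields for an access review, as an added example that is not Informatica's code: build the q filter, page with limit and skip, and flag SAML roles that are not in an approved baseline. It assumes samlRoleNames arrives as a JSON array (a single string is also accepted); PRIVILEGED, APPROVED, sample_page and the sample data are constructed for illustration.

```python
from urllib.parse import quote

PRIVILEGED = {"Admin"}  # assumption: roles your organization treats as privileged
FILTER_FIELDS = {"roleId", "roleName", "samlRoleNames"}  # from the filter table

def role_filter(field, value):
    """Build the q parameter, e.g. roleId=="94247429", percent-encoding the quotes."""
    if field not in FILTER_FIELDS or '"' in value:
        raise ValueError(f"unsupported filter: {field}=={value!r}")
    return "q=" + quote(f'{field}=="{value}"', safe="=")

def fetch_all(fetch_page, limit=200):
    """Walk the result set with limit/skip until a short or empty page arrives."""
    skip, rows = 0, []
    while True:
        page = fetch_page(limit=limit, skip=skip) or {}  # empty when no mappings exist
        batch = page.get("roleMappings", [])
        rows.extend(batch)
        skip += len(batch)
        if len(batch) < limit:
            return rows

def audit(mappings, approved):
    """Return (severity, roleName, samlRole) for SAML roles not in the baseline."""
    findings = []
    for m in mappings:
        names = m["samlRoleNames"]
        names = [names] if isinstance(names, str) else names
        for extra in set(names) - approved.get(m["roleName"], set()):
            sev = "HIGH" if m["roleName"] in PRIVILEGED else "review"
            findings.append((sev, m["roleName"], extra))
    return sorted(findings)

# Constructed sample shaped like the response fields listed above.
SAMPLE = [
    {"roleId": "id-0001", "roleName": "Admin", "samlRoleNames": ["Operator", "Contractors"]},
    {"roleId": "id-0002", "roleName": "Developer", "samlRoleNames": ["Data Designer", "MS Deployer"]},
]

def sample_page(limit, skip):
    """Stand-in for the authenticated GET call; serves SAMPLE from memory."""
    batch = SAMPLE[skip:skip + limit]
    return {"count": str(len(SAMPLE)), "roleMappings": batch}

APPROVED = {"Admin": {"Operator"}, "Developer": {"Data Designer", "MS Deployer"}}

if __name__ == "__main__":
    for finding in audit(fetch_all(sample_page, limit=1), APPROVED):
        print(finding)
```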
GET response example
If successful, you might receive a response similar to the following example: