Get tenant

Prev Next

Available in Classic and VPC

Get tenant details.

Request

This section describes the request format. The method and URI are as follows:

Method URI
GET /api/v1/tenant

Request headers

For information about the headers common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On request headers.

Request example

The request example is as follows:

curl --location --request GET 'https://sso.apigw.ntruss.com/api/v1/tenant' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
tenantId String - Tenant ID
tenantAlias String - Tenant alias
mbrLoginAllow String - Whether to allow main account login
  • UNUSED | ALLOW | DENY
    • UNUSED: Follow settings for each application
    • ALLOW: allow
    • DENY: deny
idleSessionExpDuration Integer - Session expiration time of logged in external account (second)
  • 600 | 1800 | 3600 | 10800
multipleLoginAllowed Boolean - Whether to allow duplicate login
  • true | false
    • true: allow
    • false: not allow
  • If duplicate logins are not allowed, only one session per SSO role can be connected.
organizationEnabled Boolean - Organization integration status
  • true | false
    • true: integration completed
    • false: integration disabled
organizationEnabledAt String - Organization integration date and time
  • ISO 8601 format
protocols Array - Supported protocols
applicationTypeSupported Array - Application type
oauth2 Object - OAuth 2.0 information
oauth2.grantTypeSupported Array - Authorization method
  • authorization_code | refresh_token | implicit
    • authorization_code: Issue access token with self-generated authorization code.
    • refresh_token: Issue new access token without re-login after the access token expires.
    • implicit: Issue access token directly without authorization code. It is optimized for client environments where it is difficult to securely store credentials.
oauth2.responseTypeSupported Array - Response type supported by OAuth 2.0 and OpenID Connect protocols
oauth2.scopeSupported Array - Application accessible information range
  • profile | openid | groups | email
    • profile: account type, login ID, unique member identifier, username
    • openid: account type, login ID, unique member identifier, username
    • groups: account type, login ID, unique member identifier, username, group
    • email: account type, login ID, unique member identifier, username, email
oauth2.clientAuthMethodSupported Array - Application authentication method
  • client_secret_basic | client_secret_post | none
    • client_secret_basic: Client credentials are passed as HTTP basic authentication header.
    • client_secret_post: Client ID and secret are included in the POST request body.
    • none: no authentication
oauth2.accessTypeSupported Array - Application access method
  • confidential | public
    • confidential: Access after authentication with client ID and secret.
    • public: Access after authentication with client ID.
isIdpExist Boolean - Whether to create external IdP
  • true | false
    • true: create
    • false: not create
createdAt String - Tenant creation date and time
  • ISO 8601 format
possessionAuthenticationEnabled Boolean - Whether to apply occupancy authentication
  • true | false
    • true: apply
    • false: not apply
  • When applying occupancy authentication, SSO users can register and manage their verified email/SMS information within the NAVER Cloud Platform.
possessionAuthenticationTypes Array - Occupancy authentication method type
  • SMS | Email
    • SMS: SMS
    • Email: email
multiFactorAuthenticationEnabled Boolean - Whether to apply two-factor authentication
  • true | false
    • true: apply
    • false: not apply

Response status codes

For information about the response status codes common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On response status codes.

Response example

The response example is as follows:

{
    "tenantId": "bc1fb745-****-****-****-9fc9f7c16369",
    "tenantAlias": "bc1fb745-****-****-****-9fc9f7c16369",
    "mbrLoginAllow": "UNUSED",
    "idleSessionExpDuration": 600,
    "multipleLoginAllowed": true,
    "organizationEnabled": true,
    "organizationEnabledAt": "2025-01-21T00:33:55Z",
    "protocols": [
        "OAUTH2"
    ],
    "applicationTypeSupported": [
        "app",
        "web"
    ],
    "oauth2": {
        "grantTypeSupported": [
            "authorization_code",
            "implicit",
            "refresh_token"
        ],
        "responseTypeSupported": [
            "code",
            "token",
            "id_token"
        ],
        "scopeSupported": [
            "profile",
            "openid",
            "groups",
            "email"
        ],
        "clientAuthMethodSupported": [
            "client_secret_basic"
        ],
        "accessTypeSupported": [
            "confidential"
        ]
    },
    "isIdpExist": true,
    "createdAt": "2025-01-20T00:33:55Z",
    "possessionAuthenticationEnabled": true,
    "possessionAuthenticationTypes": [
        "SMS"
    ],
    "multiFactorAuthenticationEnabled": true
}