Ncloud Single Sign-On overview
- Print
- PDF
Ncloud Single Sign-On overview
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.
Available in Classic and VPC
Ncloud Single Sign-On is a NAVER Cloud Platform service that builds a system that allows you to access various applications with a single account. The Ncloud Single Sign-On service provides APIs for application, tenant, external IdP, SSO user, group, permission set, assignment, and IP ACL features in a RESTful form.
Common Ncloud Single Sign-On settings
The following describes commonly used request and response formats in Ncloud Single Sign-On APIs.
Request
The following describes the common request format.
API URL
The request API URL is as follows.
https://sso.apigw.ntruss.com
Request headers
The following describes the request headers.
| Field | Required | Description |
|---|---|---|
x-ncp-apigw-timestamp | Required | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC
|
x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform
|
x-ncp-apigw-signature-v2 | Required | Base64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256)
|
Content-type | Optional | Request data format
|
Accept | Optional | Response data format
|
Response
The following describes the common response format.
Response data type
The following describes the common response date types.
ProcessResult
ProcessResult defines the API processing result. The following describes ProcessResult.
| Field | Type | Required | Description |
|---|---|---|---|
success | Boolean | Required | API processing result
|
id | String | Optional | Creation/modification result ID
|
message | String | Optional | API processing result message |
The following is a sample syntax and response of ProcessResult.
- Syntax
ProcessResult { Boolean success; String id; String message; } - Examples
{ "id": "", "success": true }
ErrorResponse
ErrorResponse defines the details of a failure when an API call fails. The following describes ErrorResponse.
| Field | Type | Required | Description |
|---|---|---|---|
| errorCode | Integer | Required | Required |
| message | String | Required | String |
The following is a sample syntax and response of ErrorResponse.
- Syntax
ErrorResponse { int errorCode; String message; } - Examples
{ "errorCode": 9060, "message": "The group name already exists." }
Response status codes
The following describes the response status codes.
| HTTP status code | Code | Message | Description |
|---|---|---|---|
| 400 | 400 | The user is not a member of this group. | Input of a user not belonging to the group |
| 400 | 400 | The permission set doesn't exist. | No permission set exists |
| 400 | 400 | The application name already exists. | Input of an existing application name |
| 400 | 400 | Tenant already exists | Tenant already exists |
| 400 | 400 | The login ID is already in use. | Login ID already in use entered |
| 400 | 500 | The policy doesn't exist. | Non-existent policy name entered |
| 400 | 9016 | The application does not exist. | Non-existent application ID entered |
| 400 | 9020 | There is a registered identity provider. | External IdP already exists |
| 400 | 9021 | This identify provider doesn't exist. | Non-existent external IdP |
| 400 | 9023 | The identity provider can't be deleted while the organization is integrated. | Unable to delete identity provider while organization is integrated |
| 400 | 9024 | Invalid metadata format. | Metadata format error |
| 400 | 9025 | There is no certificate information for signing in the metadata. | No certificate information for signing metadata |
| 400 | 9026 | There are two or more certificates for signing in the metadata. | Two or more certificates for signing exist in the metadata |
| 400 | 9027 | There is no SingleSignOnService binding in the metadata. | No protocol binding information in metadata |
| 400 | 9028 | There is no SingleSignOnService location in the metadata. | No SAML login URL information mapped to the binding protocol in metadata |
| 400 | 9029 | There is no entityId in the metadata. | No entityID information in metadata |
| 400 | 9030 | There is no IdPSSODescriptor in the metadata. | No IDPSSODescriptor information in metadata |
| 400 | 9031 | There is no SingleSignOnService in the metadata. | No SingleSignOnService in metadata |
| 400 | 9032 | There is no SingleSignOnService POST binding or Redirect binding in the metadata. | No HTTP-POST or HTTP-Redirect information in metadata |
| 400 | 9033 | The idpSigninUrl value is not in URL format. | idpSigninUrl value format error |
| 400 | 9034 | There is no KeyInfo in the metadata. | No KeyInfo information in metadata |
| 400 | 9035 | This is not the master account of the organization. | Organization integration requested with non-master account |
| 400 | 9036 | The organization doesn't exist. | Organization doesn't exist in master account |
| 400 | 9046 | Invalid certificate format. | Errors in certificate format for metadata signing |
| 400 | 9050 | This user doesn't exist. | Non-existent SSO user ID entered |
| 400 | 9060 | The group name already exists. | Group name already in use entered |
| 400 | 9061 | This group doesn't exist. | Non-existent group ID entered |
| 400 | 9070 | The permission set name already exists. | Permission set name already in use entered |
| 400 | 9071 | At least one policy must be selected. | Policy ID not entered |
| 400 | 9072 | This system managed policy doesn't exist. | Non-existent System Managed policy ID entered |
| 400 | 9073 | The permission set doesn't exist. | Non-existent permission set ID entered |
| 400 | 9080 | Assignment does not exist. | Non-existent assignment ID entered |
| 400 | 9081 | The assignment target doesn't match. | Non-matching assignment target entered |
| 400 | 9083 | The assignment target doesn't exist. | Non-existent assignment target entered |
| 400 | 9084 | An assignment created with the specified account and permission set already exists. | Assignment created with the same information already exists |
| 400 | 9085 | The assigned account is invalid. | Non-existent account number entered |
| 400 | 9086 | A target already exists in the assignment. | Target information already added entered |
| 400 | 9087 | The Assignment name already exists. | Assignment name already in use entered |
| 400 | 9100 | The IP ACL does not exist. | Non-existent IP ACL ID entered |
| 400 | 9101 | IP ACL destination cannot be empty. | Assignment ID missing |
| 400 | 9102 | A target already exists in the assignment. | Assignment ID already added entered |
| 400 | 9103 | Assignment - remaining IP ACL mapping exists. | Unable to delete because assignment is added to IP ACL |
| 400 | 9104 | IP ACL destination does not match. | Non-existent assignment - IP ACL mapping information entered |
| 400 | 9105 | Assignment - IP ACL mapping does not exist. | Assignment - IP ACL mapping information that already exists entered |
| 400 | 9106 | Invalid access restriction setting for Assignment. | Assignment access control status is false |
| 400 | 9110 | An MFA device already exists. | MFA device already exists for SSO user |
| 400 | 9111 | Invalid OTP. | Invalid OTP information entered |
| 400 | 9112 | The MFA device does not exist. | MFA device doesn't exist for SSO user |
| 400 | 9113 | Two-factor authentication not applied. | Two-factor authentication not applied |
Note
For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
Ncloud Single Sign-On API
The following describes the APIs provided by the Ncloud Single Sign-On service.
Application
The following describes the application-related APIs.
| API | Description |
|---|---|
| Get application list | Get application list |
| Get application | Get details of a single application |
| Create application | Create application |
| Edit application | Edit application information |
| Delete application | Delete application |
| Reissue OAuth 2.0 client secret | Reissue OAuth 2.0 client secret |
Tenant
The following describes the tenant-related APIs.
| API | Description |
|---|---|
| Get tenant | Get tenant |
| Create tenant | Create tenant |
| Edit tenant | Edit tenant information |
| Delete tenant | Delete tenant |
External IdP
The following describes the external IdP-related APIs.
| API | Description |
|---|---|
| Get external IdP | Get external IdP |
| Create external IdP | Create external IdP |
| Edit external IdP | Edit external IdP information |
| Delete External IdP | Delete External IdP |
| Get attribute mapper | Get attribute mapper |
| Edit attribute mapper | Edit attribute mapper |
| Parse external IdP metadata | Parse external IdP metadata |
| Get Ncloud Single Sign-On metadata | Get Ncloud Single Sign-On metadata |
| Get Ncloud Single Sign-On URL data | Get Ncloud Single Sign-On URL data |
| Set external IDP login | Set external IDP login information |
| Set Organization integration | Integrate Organization |
SSO User
The following describes the SSO user-related APIs.
| API | Description |
|---|---|
| Get SSO user list | Get SSO user list |
| Get SSO user | Get details of a single SSO user |
| Create SSO user | Create a single SSO user |
| Bulk create SSO users | Bulk create SSO users of one or more |
| Edit SSO user | Edit SSO user information |
| Bulk delete SSO users | Bulk delete SSO users of one or more |
| Delete SSO user | Delete SSO user |
| Check SSO user login ID | Check validity and duplication of SSO user login ID |
| Get SSO user access rule | Get SSO user access rule |
| Edit SSO user access rule | Edit SSO user access rule |
| Get SSO user profile | Get SSO user profile |
| Get SSO user group list | Get group list |
| Get SSO user group | Get single group details |
| Add SSO user group | Add SSO user to group |
| Delete SSO user group | Delete SSO user from group |
| Set SSO user status | Enable or disable SSO user |
| Get SSO user session | Get SSO user session |
| Expire SSO user session | Expire SSO user session |
| Get SSO user assignment list | Get the list of assignments the SSO user belongs to |
| Delete SSO user assignment | Delete SSO user from assignment |
| Get SSO user MFA device list | Get MFA device owned by SSO user |
| Add SSO user MFA device | Add MFA device to SSO user |
| Delete SSO user MFA device | Delete MFA device owned by SSO user |
Group
The following describes the group-related APIs.
| API | Description |
|---|---|
| Get group list | Get group list |
| Get group | Get single group details |
| Create group | Create group |
| Edit group | Edit group information |
| Delete group list | Bulk delete groups of one or more |
| Delete group | Delete group |
| Check group name | Check validity and duplication of group name |
| Get SSO user list of group | Get the list of SSO users in the group |
| Add SSO user to group | Add group to SSO user |
| Delete SSO user of group | Delete SSO user from group |
| Get group assignment list | Get the list of assignments the group belongs to |
| Delete group assignment | Delete group from assignment |
Permission Set
The following describes the permission set-related APIs.
| API | Description |
|---|---|
| Get permission set list | Get permission set list |
| Get permission set | Get details of a single permission set |
| Create permission set | Create permission set |
| Edit permission set | Edit permission set information |
| Delete permission set list | Bulk delete permission sets of one or more |
| Delete permission set | Delete permission set |
| Check permission set name | Check validity and duplication of permission set name |
| Delete permission set policy | Delete policy assigned to permission set |
| Get system managed policy list | Get the list of System Managed policies that can be assigned to permission set |
| Check existence of user created policy | Check for the existence of User Created policy in permission set |
Assignment
The following describes the assignment-related APIs.
| API | Description |
|---|---|
| Get assignment list | Get assignment list |
| Get assignment | Get details of a single assignment |
| Create assignment | Create assignment |
| Edit assignment | Edit assignment information |
| Delete assignment | Delete assignment |
| Set assignment status | Enable or disable assignment |
| Get assignment target list | Get the list of targets (SSO users, groups) added to assignment |
| Add assignment target | Add target (SSO user, group) to assignment |
| Delete assignment target | Delete target (SSO user, group) from assignment |
| Get IP ACL assignment list | Get the list of IP ACLs added to assignment |
| Add IP ACL to assignment | Add IP ACL to assignment |
| Delete IP ACL from assignment | Delete IP ACL added to assignment |
| Get assignment account list | Get the list of accounts added to organization |
| Check existence of user created policy | Check for the existence of User Created policy in target account |
IP ACL
The following describes the IP ACL-related APIs.
| API | Description |
|---|---|
| Get IP ACL list | Get IP ACL list |
| Get IP ACL | Get details of a single IP ACL |
| Create IP ACL | Create IP ACL |
| Edit IP ACL | Edit IP ACL information |
| Delete IP ACL list | Bulk delete IP ACLs of one or more |
| Delete IP ACL | Delete IP ACL |
| Check IP ACL name | Check validity and duplication of IP ACL name |
| Get IP ACL assignment list | Get the list of assignments added to IP ACL |
| Add assignment to IP ACL | Add assignment to IP ACL |
| Delete assignment of IP ACL | Delete assignment from IP ACL |
Ncloud Single Sign-On related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Ncloud Single Sign-On APIs.
- Ncloud Single Sign-On API guide
- Create signature: how to create a signature to add to the request header
- API Gateway User Guide: how to issue the API key to be added to the request header
- Sub Account User guide: how to issue the access key to be added to the request header
- Common Ncloud response status codes: information on common response status codes of NAVER Cloud Platform used by the Ncloud Single Sign-On service
- Ncloud Single Sign-On service guide
- Ncloud Single Sign-On User Guide: how to use Ncloud Single Sign-On from the NAVER Cloud Platform console
- Ncloud use environment guide: guide for VPC and Classic environments and support availability
- Introduction to pricing, characteristics, and detailed features: summary of pricing system, characteristics, and detailed features of Ncloud Single Sign-On
- Latest service news: the latest news on Ncloud Single Sign-On service
- FAQ: frequently asked questions from the Ncloud Single Sign-On service users
- Contact us: Send direct inquiries for unresolved questions that aren't answered by the API guide
Was this article helpful?