Ncloud Single Sign-On overview
- Print
- PDF
Ncloud Single Sign-On overview
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in Classic and VPC
An API that can manage the Application/Tenant/External IDP/User/Group/Permission Set/Assignment information is provided.
The API is in the RESTful API format, and uses HTTP GET/POST/PUT/DELETE methods.
Operations
Ncloud Single Sign-On provides Application, Tenant, External IDP, User, Group, PermissionSet, and Assignment operations.
Application
The list of APIs related to applications is as follows.
| API | Description |
|---|---|
| getApplications | View the application list |
| getApplication | View a single application |
| postApplication | Create application |
| putApplication | Edit application |
| deleteApplication | Delete application |
| renewalClientSecret | (Oauth2) Recreate client secret |
Tenant
The list of APIs related to tenants is as follows.
| API | Description |
|---|---|
| getTenant | View tenant |
| postTenant | Create tenant |
| putTenant | Edit tenant |
| deleteTenant | Delete tenant |
External IDP
The list of APIs related to external IDPs is as follows.
| API | Description |
|---|---|
| postExternalIdP | Register external IDP |
| getExternalIdP | View external IDP |
| deleteExternalIdP | Delete external IDP |
| putExternalIdP | Edit external IDP |
| modifyAttributeMapper | Edit AttributeMapper |
| getAttributeMapper | View AttributeMapper |
| parseExternalIdpMetadata | Parse external IDP metadata |
| getSpMetadata | View Ncloud Single Sign-On metadata |
| getSpUrldata | View Ncloud Single Sign-On URL data |
| putLoginSetting | Set external IDP login information |
| postOrganization | Integrate organization |
User
The list of APIs related to users is as follows.
| API | Description |
|---|---|
| validateUserLoginId | Check user login ID validity |
| postUser | Create a single user |
| postUsers | Bulk create users |
| putUser | Edit user |
| deleteUser | Delete user |
| deleteUsers | Delete user list |
| getUser | View a single user |
| getUsers | View user list |
| getUserAccessRule | View user AccessRule |
| putUserAccessRule | Edit user AccessRule |
| getUserProfile | View user profile |
| postUserToGroup | Add user to group |
| getUserGroups | View the list of groups a user belongs to |
| getUserGroup | View a single group a user belongs to |
| deleteUserFromGroup | Delete user from group |
| changeUserStatus | Change user status |
| getUserSession | View user session |
| expireUserSession | Expire user session |
| getUserAssignments | View the list of assignments a user belongs to |
| deleteUserFromAssignment | Delete user from assignment |
| addUserMfaDevices | Add MFA device to user |
| getUserMfaDevices | View MFA device a user owns |
| deleteUserMfaDevices | Delete MFA device a user owns |
Group
The list of APIs related to groups is as follows.
| API | Description |
|---|---|
| validateGroupName | Check group name validity |
| postGroup | Create group |
| getGroups | View group list |
| getUser | View a single group |
| putGroup | Edit group |
| deleteGroup | Delete group |
| deleteGroups | Delete group list |
| postGroupToUser | Add group to user |
| getGroupUsers | View the list of users in a group |
| getGroupAssignment | View the list of assignments the group belongs to |
| deleteGroupFromUser | Delete group from user |
| deleteGroupFromAssignment | Delete group from assignment |
PermissionSet
The list of APIs related to permission sets is as follows.
| API | Description |
|---|---|
| postPermissionSet | Create PermissionSet |
| getPermissionSets | View PermissionSet list |
| getPermissionSet | View a single PermissionSet |
| putPermissionSet | Edit PermissionSet |
| deletePermissionSet | Delete PermissionSet |
| deletePermissionSets | Delete PermissionSet list |
| getPolicies | View the list of policies that can be assigned to PermissionSet |
| existsPolicy | Check for the existence of a policy in PermissionSet |
| deletePolicyFromPermissionSet | Delete policy in PermissionSet |
| validatePermissionSetName | Check PermissionSet name patterns, duplicates |
Assignment
The list of APIs related to assignments is as follows.
| API | Description |
|---|---|
| postAssignment | Create assignment |
| getAssignments | View assignment list |
| getAssignment | View a single assignment |
| putAssignment | Edit assignment |
| changeAssignmentStatus | Change assignment status |
| deleteAssignment | Delete assignment |
| getAssignmentTargets | View assignment target list |
| postAssignmentTargets | Add assignment target to assignment |
| deleteAssignmentTargets | Delete assignment target |
| getAssignmentExistsPolicy | Check if the target policy in the assignment exists |
| getAssignmentByTargetType | View the list of assignments that match TargetType |
| getAccounts | View account list |
| addAssignmentIpAcls | Add IP ACL to assignment |
| getAssignmentsIpAcls | View the list of IP ACLs that belong to an assignment |
| deleteAssignmentIpAcls | Delete IP ACL that belongs to an assignment |
IP ACL
The list of APIs related to IP ACLs is as follows.
| API | Description |
|---|---|
| validateIpAclName | Check IP ACL name validity |
| postIPACL | Create IP ACL |
| putIPACL | Edit IP ACL |
| deleteIPACLs | Delete IP ACL list |
| deleteIPACL | Delete a single IP ACL |
| getIPACLs | View IP ACL list |
| getIPACL | View a single IP ACL |
| addIpAclToAssignments | Add IP ACL to assignment |
| getIpAclAssignments | View assignments with IP ACL |
| deleteIpAclAssignments | Delete assignment assigned to IP ACL |
Common settings
API URL
The API URL is as follows.
https://sso.apigw.ntruss.com/api/v1
Method
Available methods are as follows.
GET, POST, PUT, DELETE
Headers
Request headers
This section introduces commonly used request headers. Since some request headers are common headers of Ncloud APIs, see Common Ncloud API headers for more information. The following describes the request headers.
| Header | Description | Type |
|---|---|---|
| x-ncp-apigw-timestamp | - It indicates the elapsed time in milliseconds since January 1, 1970 00:00:00 UTC - Request is considered invalid if the timestamp differs from the current time by more than 5 minutes | Common Ncloud API headers |
| x-ncp-iam-access-key | API key issued on NAVER Cloud Platform or access key issued on IAM | Common Ncloud API headers |
| x-ncp-apigw-signature-v2 | - Signature signed by the secret key that matches the access key in the sample body above - HmacSHA256 is used for the HMAC encryption algorithm | Common Ncloud API headers |
Common model
ProcessResult
| Parameter name | Required | Type | Description |
|---|---|---|---|
| success | Y | Boolean | Processing result |
| id | N | String | Creation/modification result ID |
| message | N | String | Processing result message |
- Model
ProcessResult {
Boolean success;
String id;
String message;
}
- JSON
{
"id": "",
"success": true
}
Errors
This section introduces common error codes used by Ncloud Single Sign-On APIs. For more information about common error codes used across all services, see NAVER Cloud Platform API.
| Parameter name | Required | Type | Description |
|---|---|---|---|
| errorCode | Y | int | Error code |
| message | Y | String | Error message |
The following is an example of a common error code syntax of the Ncloud Single Sign-On API.
- Model
ErrorResponse {
int errorCode;
String message;
}
- JSON
{
"errorCode": 9011,
"message": "Error message"
}
Was this article helpful?