describe_workspace_authentication

describe_workspace_authentication(**kwargs)

Displays information about the authentication methods used in one Amazon Managed Grafana workspace.

Request Syntax

response = client.describe_workspace_authentication(
    workspaceId='string'
)

Parameters

workspaceId (string) --

[REQUIRED]

The ID of the workspace to return authentication information about.

Return type

dict

Returns

Response Syntax

{
    'authentication': {
        'awsSso': {
            'ssoClientId': 'string'
        },
        'providers': [
            'AWS_SSO'|'SAML',
        ],
        'saml': {
            'configuration': {
                'allowedOrganizations': [
                    'string',
                ],
                'assertionAttributes': {
                    'email': 'string',
                    'groups': 'string',
                    'login': 'string',
                    'name': 'string',
                    'org': 'string',
                    'role': 'string'
                },
                'idpMetadata': {
                    'url': 'string',
                    'xml': 'string'
                },
                'loginValidityDuration': 123,
                'roleValues': {
                    'admin': [
                        'string',
                    ],
                    'editor': [
                        'string',
                    ]
                }
            },
            'status': 'CONFIGURED'|'NOT_CONFIGURED'
        }
    }
}

Response Structure

  • (dict) --
    • authentication (dict) --

      A structure containing information about the authentication methods used in the workspace.

      • awsSso (dict) --

        A structure containing information about how this workspace works with IAM Identity Center.

        • ssoClientId (string) --

          The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana.

      • providers (list) --

        Specifies whether this workspace uses IAM Identity Center, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.

        • (string) --
      • saml (dict) --

        A structure containing information about how this workspace works with SAML, including what attributes within the assertion are to be mapped to user information in the workspace.

        • configuration (dict) --

          A structure containing details about how this workspace works with SAML.

          • allowedOrganizations (list) --

            Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.

            • (string) --
          • assertionAttributes (dict) --

            A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.

            • email (string) --

              The name of the attribute within the SAML assertion to use as the email names for SAML users.

            • groups (string) --

              The name of the attribute within the SAML assertion to use as the full "friendly" names for user groups.

            • login (string) --

              The name of the attribute within the SAML assertion to use as the login names for SAML users.

            • name (string) --

              The name of the attribute within the SAML assertion to use as the full "friendly" names for SAML users.

            • org (string) --

              The name of the attribute within the SAML assertion to use as the full "friendly" names for the users' organizations.

            • role (string) --

              The name of the attribute within the SAML assertion to use as the user roles.

          • idpMetadata (dict) --

            A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: url, xml. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • url (string) --

              The URL of the location containing the IdP metadata.

            • xml (string) --

              The full IdP metadata, in XML format.

          • loginValidityDuration (integer) --

            How long a sign-on session by a SAML user is valid, before the user has to sign on again.

          • roleValues (dict) --

            A structure containing arrays that map group names in the SAML assertion to the Grafana Admin and Editor roles in the workspace.

            • admin (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Admin role to.

              • (string) --
            • editor (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Editor role to.

              • (string) --
        • status (string) --

          Specifies whether the workspace's SAML configuration is complete.

Exceptions

  • ManagedGrafana.Client.exceptions.ResourceNotFoundException
  • ManagedGrafana.Client.exceptions.ThrottlingException
  • ManagedGrafana.Client.exceptions.ValidationException
  • ManagedGrafana.Client.exceptions.AccessDeniedException
  • ManagedGrafana.Client.exceptions.InternalServerException
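
The response structure above can be reviewed for access-control gaps without touching the workspace. The following is an added example, not part of the boto3 documentation: it audits a response dict offline, resolving the idpMetadata tagged union and flagging the documented "empty allowedOrganizations admits all organizations" case. The finding codes, the HTTPS and role-mapping checks, and the sample response are assumptions made for illustration.

```python
# Added example: offline audit of a describe_workspace_authentication response.
# Finding codes and the sample data are constructed, not defined by the API.

def idp_metadata_source(idp_metadata):
    """Resolve the tagged union: only one of url / xml is expected to be set."""
    if "SDK_UNKNOWN_MEMBER" in idp_metadata:
        return ("unknown", idp_metadata["SDK_UNKNOWN_MEMBER"].get("name"))
    for key in ("url", "xml"):
        if key in idp_metadata:
            return (key, idp_metadata[key])
    return ("missing", None)


def audit_authentication(response):
    """Return a sorted list of finding codes for one workspace's SAML setup."""
    auth = response.get("authentication", {})
    saml = auth.get("saml", {})
    if "SAML" not in auth.get("providers", []):
        return []
    if saml.get("status") != "CONFIGURED":
        return ["SAML_ENABLED_BUT_NOT_CONFIGURED"]
    cfg = saml.get("configuration", {})
    findings = []
    if not cfg.get("allowedOrganizations"):
        # Documented behaviour: an empty list admits every organization.
        findings.append("ALL_ORGANIZATIONS_ALLOWED")
    if not cfg.get("assertionAttributes", {}).get("role"):
        findings.append("NO_ROLE_ATTRIBUTE_MAPPED")  # audit heuristic
    kind, value = idp_metadata_source(cfg.get("idpMetadata", {}))
    if kind == "url" and not value.lower().startswith("https://"):
        findings.append("IDP_METADATA_URL_NOT_HTTPS")  # audit heuristic
    elif kind in ("unknown", "missing"):
        findings.append("IDP_METADATA_" + kind.upper())
    return sorted(findings)


# Constructed sample response (not real workspace data).
SAMPLE = {"authentication": {
    "providers": ["AWS_SSO", "SAML"],
    "saml": {"status": "CONFIGURED", "configuration": {
        "allowedOrganizations": [],
        "assertionAttributes": {"login": "mail", "role": "role"},
        "idpMetadata": {"url": "http://idp.example.com/metadata"},
        "roleValues": {"admin": ["grafana-admins"], "editor": []},
    }},
}}

if __name__ == "__main__":
    print(audit_authentication(SAMPLE))
```

In practice the dict passed to audit_authentication would be the return value of client.describe_workspace_authentication(workspaceId=...) for each workspace under review.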