You're reading "Content Management API"

Single Sign-On user

A Single Sign-On user exists when a DatoCMS project is connected to an external Identity Provider. An SSO user will not use the standard login procedure but has to go through SAML authentication. It can also be linked to one or more IdP groups.

The Single Sign-On user object

A Single Sign-On user object is returned as part of the response body of each successful List all users, Delete a SSO user or Copy editors as SSO users API call. The following table contains the list of all its fields along with their type, description and example values.

Object fields:
emailsarray

SCIM-formatted emails

This attribute is required
external_idstring

Identity provider ID

first_namestring

First name

is_activeboolean

Whether this user is active on the identity provider. De-activated users won't be able to login.

This attribute is required
last_namestring

Last name

usernamestring

Email

This attribute is required

List all users

To list all users, send a GET request to the /sso-users endpoint. The following table contains the list of all the possible arguments, along with their type, description and examples values. All the arguments marked as required must be present in the request.

GET https://site-api.datocms.com/sso-users HTTP/1.1
X-Api-Version3
AuthorizationBearer YOUR-API-KEY
Acceptapplication/json
HTTP Response
HTTP/1.1 200 OK
Content-Typeapplication/json; charset=utf-8
Cache-Controlcache-control: max-age=0, private, must-revalidate
X-RateLimit-Limit30
X-RateLimit-Remaining28
{ "data": [ { "type": "sso_user", "id": "312", "attributes": { "username": "mark.smith@example.com", "external_id": "Ja23ekjhsad", "is_active": true, "first_name": "Mark", "last_name": "Smith", "emails": [ { "type": "work", "value": "m.smith@datocms.com", "primary": true } ] }, "relationships": { "groups": { "data": [ { "type": "sso_group", "id": "312" } ] }, "role": { "data": { "type": "role", "id": "34" } } } } ] }

Delete a SSO user

To delete a sso user, send a DELETE request to the /sso-users/:user_id endpoint. The following table contains the list of all the possible arguments, along with their type, description and examples values. All the arguments marked as required must be present in the request.

DELETE https://site-api.datocms.com/sso-users/:user_id HTTP/1.1
X-Api-Version3
AuthorizationBearer YOUR-API-KEY
Acceptapplication/json
HTTP Response
HTTP/1.1 200 OK
Content-Typeapplication/json; charset=utf-8
Cache-Controlcache-control: max-age=0, private, must-revalidate
X-RateLimit-Limit30
X-RateLimit-Remaining28
{ "data": { "type": "sso_user", "id": "312", "attributes": { "username": "mark.smith@example.com", "external_id": "Ja23ekjhsad", "is_active": true, "first_name": "Mark", "last_name": "Smith", "emails": [ { "type": "work", "value": "m.smith@datocms.com", "primary": true } ] }, "relationships": { "groups": { "data": [ { "type": "sso_group", "id": "312" } ] }, "role": { "data": { "type": "role", "id": "34" } } } } }

Copy editors as SSO users

Copy existing users into SSO users

POST https://site-api.datocms.com/sso-users/sync-users HTTP/1.1
X-Api-Version3
AuthorizationBearer YOUR-API-KEY
Acceptapplication/json
HTTP Response
HTTP/1.1 200 OK
Content-Typeapplication/json; charset=utf-8
Cache-Controlcache-control: max-age=0, private, must-revalidate
X-RateLimit-Limit30
X-RateLimit-Remaining28
{ "data": [ { "type": "sso_user", "id": "312", "attributes": { "username": "mark.smith@example.com", "external_id": "Ja23ekjhsad", "is_active": true, "first_name": "Mark", "last_name": "Smith", "emails": [ { "type": "work", "value": "m.smith@datocms.com", "primary": true } ] }, "relationships": { "groups": { "data": [ { "type": "sso_group", "id": "312" } ] }, "role": { "data": { "type": "role", "id": "34" } } } } ] }