SamlConfig

Version 4.0.24.12
Datatype
Description
(object)
object
can
object
Operations the current user is able to perform on this object
enabled
boolean
Enable/Disable Saml authentication for the server
idp_cert
string
Identity Provider Certificate (provided by IdP)
idp_url
string
Identity Provider Url (provided by IdP)
idp_issuer
string
Identity Provider Issuer (provided by IdP)
idp_audience
string
Identity Provider Audience (set in IdP config). Optional in Looker. Set this only if you want Looker to validate the audience value returned by the IdP.
allowed_clock_drift
integer
Count of seconds of clock drift to allow when validating timestamps of assertions.
user_attribute_map_email
string
Name of user record attributes used to indicate email address field
user_attribute_map_first_name
string
Name of user record attributes used to indicate first name
user_attribute_map_last_name
string
Name of user record attributes used to indicate last name
new_user_migration_types
string
Merge first-time saml login to existing user account by email addresses. When a user logs in for the first time via saml this option will connect this user into their existing account by finding the account with a matching email address by testing the given types of credentials for existing users. Otherwise a new user account will be created for the user. This list (if provided) must be a comma separated list of string like 'email,ldap,google'
alternate_email_login_allowed
boolean
Allow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled.
test_slug
string
Slug to identify configurations that are created in order to run a Saml config test
modified_at
string
When this config was last modified
modified_by
string
User id of user who last modified this config
default_new_user_roles
Role[]
Expand Role definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of Role
permission_set
(Read only) Permission set
Expand PermissionSet definition...
can
object
Operations the current user is able to perform on this object
all_access
boolean
built_in
boolean
id
string
Unique Id
name
string
Name of PermissionSet
permissions
string[]
url
string
Link to get this item
permission_set_id
string
(Write-Only) Id of permission set
model_set
(Read only) Model set
Expand ModelSet definition...
can
object
Operations the current user is able to perform on this object
all_access
boolean
built_in
boolean
id
string
Unique Id
models
string[]
name
string
Name of ModelSet
url
string
Link to get this item
model_set_id
string
(Write-Only) Id of model set
url
string
Link to get this item
users_url
string
Link to get list of users with this role
default_new_user_groups
Group[]
Expand Group definition...
can
object
Operations the current user is able to perform on this object
can_add_to_content_metadata
boolean
Group can be used in content access controls
contains_current_user
boolean
Currently logged in user is group member
external_group_id
string
External Id group if embed group
externally_managed
boolean
Group membership controlled outside of Looker
id
string
Unique Id
include_by_default
boolean
New users are added to this group by default
name
string
Name of group
user_count
integer
Number of users included in this group
default_new_user_role_ids
string[]
default_new_user_group_ids
string[]
set_roles_from_groups
boolean
Set user roles in Looker based on groups from Saml
groups_attribute
string
Name of user record attributes used to indicate groups. Used when 'groups_finder_type' is set to 'grouped_attribute_values'
groups
Expand SamlGroupRead definition...
id
string
Unique Id
looker_group_id
string
Unique Id of group in Looker
looker_group_name
string
Name of group in Looker
name
string
Name of group in Saml
roles
Role[]
Expand Role definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of Role
permission_set
(Read only) Permission set
permission_set_id
string
(Write-Only) Id of permission set
model_set
(Read only) Model set
model_set_id
string
(Write-Only) Id of model set
url
string
Link to get this item
users_url
string
Link to get list of users with this role
url
string
Link to saml config
groups_with_role_ids
Expand SamlGroupWrite definition...
id
string
Unique Id
looker_group_id
string
Unique Id of group in Looker
looker_group_name
string
Name of group in Looker
name
string
Name of group in Saml
role_ids
string[]
url
string
Link to saml config
auth_requires_role
boolean
Users will not be allowed to login at all unless a role for them is found in Saml if set to true
user_attributes
Expand SamlUserAttributeRead definition...
name
string
Name of User Attribute in Saml
required
boolean
Required to be in Saml assertion for login to be allowed to succeed
user_attributes
Expand UserAttribute definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of user attribute
label
string
Human-friendly label for user attribute
type
string
Type of user attribute ("string", "number", "datetime", "yesno", "zipcode", "advanced_filter_string", "advanced_filter_number")
default_value
string
Default value for when no value is set on the user
is_system
boolean
Attribute is a system default
is_permanent
boolean
Attribute is permanent and cannot be deleted
value_is_hidden
boolean
If true, users will not be able to view values of this attribute
user_can_view
boolean
Non-admin users can see the values of their attributes and use them in filters
user_can_edit
boolean
Users can change the value of this attribute for themselves
hidden_value_domain_whitelist
string
Destinations to which a hidden attribute may be sent. Once set, cannot be edited.
url
string
Link to saml config
user_attributes_with_ids
Expand SamlUserAttributeWrite definition...
name
string
Name of User Attribute in Saml
required
boolean
Required to be in Saml assertion for login to be allowed to succeed
user_attribute_ids
string[]
url
string
Link to saml config
groups_finder_type
string
Identifier for a strategy for how Looker will find groups in the SAML response. One of ['grouped_attribute_values', 'individual_attributes']
groups_member_value
string
Value for group attribute used to indicate membership. Used when 'groups_finder_type' is set to 'individual_attributes'
bypass_login_page
boolean
Bypass the login page when user authentication is required. Redirect to IdP immediately instead.
allow_normal_group_membership
boolean
Allow SAML auth'd users to be members of non-reflected Looker groups. If 'false', user will be removed from non-reflected groups on login.
allow_roles_from_normal_groups
boolean
SAML auth'd users will inherit roles from non-reflected Looker groups.
allow_direct_roles
boolean
Allows roles to be directly assigned to SAML auth'd users.
url
string
Link to get this item