inbound_sso_assignments

Creates, updates, deletes, gets or lists an inbound_sso_assignments resource.

Overview

Name	`inbound_sso_assignments`
Type	Resource
Id	`google.cloudidentity.inbound_sso_assignments`

Fields

The following fields are returned by SELECT queries:

get
list

Successful response

Name	Datatype	Description
`name`	`string`	Output only. Resource name of the Inbound SSO Assignment.
`customer`	`string`	Immutable. The customer. For example: `customers/C0123abc`.
`oidcSsoInfo`	`object`	OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`. (id: OidcSsoInfo)
`rank`	`integer (int32)`	Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or-equal-to one for assignments with `target_group` set.
`samlSsoInfo`	`object`	SAML SSO details. Must be set if and only if `sso_mode` is set to `SAML_SSO`. (id: SamlSsoInfo)
`signInBehavior`	`object`	Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration. (id: SignInBehavior)
`ssoMode`	`string`	Inbound SSO behavior.
`targetGroup`	`string`	Immutable. Must be of the form `groups/{group}`.
`targetOrgUnit`	`string`	Immutable. Must be of the form `orgUnits/{org_unit}`.

Successful response

Name	Datatype	Description
`name`	`string`	Output only. Resource name of the Inbound SSO Assignment.
`customer`	`string`	Immutable. The customer. For example: `customers/C0123abc`.
`oidcSsoInfo`	`object`	OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`. (id: OidcSsoInfo)
`rank`	`integer (int32)`	Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or-equal-to one for assignments with `target_group` set.
`samlSsoInfo`	`object`	SAML SSO details. Must be set if and only if `sso_mode` is set to `SAML_SSO`. (id: SamlSsoInfo)
`signInBehavior`	`object`	Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration. (id: SignInBehavior)
`ssoMode`	`string`	Inbound SSO behavior.
`targetGroup`	`string`	Immutable. Must be of the form `groups/{group}`.
`targetOrgUnit`	`string`	Immutable. Must be of the form `orgUnits/{org_unit}`.

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`get`	`select`	`inboundSsoAssignmentsId`		Gets an InboundSsoAssignment.
`list`	`select`		`filter`, `pageSize`, `pageToken`	Lists the InboundSsoAssignments for a `Customer`.
`create`	`insert`			Creates an InboundSsoAssignment for users and devices in a `Customer` under a given `Group` or `OrgUnit`.
`patch`	`update`	`inboundSsoAssignmentsId`	`updateMask`	Updates an InboundSsoAssignment. The body of this request is the `inbound_sso_assignment` field and the `update_mask` is relative to that. For example: a PATCH to `/v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank` with a body of `{ "rank": 1 }` moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.
`delete`	`delete`	`inboundSsoAssignmentsId`		Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has `sso_mode` == `SSO_OFF`.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`inboundSsoAssignmentsId`	`string`
`filter`	`string`
`pageSize`	`integer (int32)`
`pageToken`	`string`
`updateMask`	`string (google-fieldmask)`

`SELECT` examples

get
list

Gets an InboundSsoAssignment.

SELECT
name,
customer,
oidcSsoInfo,
rank,
samlSsoInfo,
signInBehavior,
ssoMode,
targetGroup,
targetOrgUnit
FROM google.cloudidentity.inbound_sso_assignments
WHERE inboundSsoAssignmentsId = '{{ inboundSsoAssignmentsId }}' -- required;

Lists the InboundSsoAssignments for a Customer.

SELECT
name,
customer,
oidcSsoInfo,
rank,
samlSsoInfo,
signInBehavior,
ssoMode,
targetGroup,
targetOrgUnit
FROM google.cloudidentity.inbound_sso_assignments
WHERE filter = '{{ filter }}'
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}';

`INSERT` examples

create
Manifest

Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.

INSERT INTO google.cloudidentity.inbound_sso_assignments (
data__targetGroup,
data__targetOrgUnit,
data__customer,
data__rank,
data__ssoMode,
data__samlSsoInfo,
data__oidcSsoInfo,
data__signInBehavior
)
SELECT 
'{{ targetGroup }}',
'{{ targetOrgUnit }}',
'{{ customer }}',
{{ rank }},
'{{ ssoMode }}',
'{{ samlSsoInfo }}',
'{{ oidcSsoInfo }}',
'{{ signInBehavior }}'
RETURNING
name,
done,
error,
metadata,
response
;

# Description fields are for documentation purposes
- name: inbound_sso_assignments
  props:
    - name: targetGroup
      value: string
      description: >
        Immutable. Must be of the form `groups/{group}`.
        
    - name: targetOrgUnit
      value: string
      description: >
        Immutable. Must be of the form `orgUnits/{org_unit}`.
        
    - name: customer
      value: string
      description: >
        Immutable. The customer. For example: `customers/C0123abc`.
        
    - name: rank
      value: integer
      description: >
        Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or-equal-to one for assignments with `target_group` set.
        
    - name: ssoMode
      value: string
      description: >
        Inbound SSO behavior.
        
      valid_values: ['SSO_MODE_UNSPECIFIED', 'SSO_OFF', 'SAML_SSO', 'OIDC_SSO', 'DOMAIN_WIDE_SAML_IF_ENABLED']
    - name: samlSsoInfo
      value: object
      description: >
        SAML SSO details. Must be set if and only if `sso_mode` is set to `SAML_SSO`.
        
    - name: oidcSsoInfo
      value: object
      description: >
        OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`.
        
    - name: signInBehavior
      value: object
      description: >
        Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
        

`UPDATE` examples

patch

Updates an InboundSsoAssignment. The body of this request is the inbound_sso_assignment field and the update_mask is relative to that. For example: a PATCH to /v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank with a body of { "rank": 1 } moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.

UPDATE google.cloudidentity.inbound_sso_assignments
SET 
data__targetGroup = '{{ targetGroup }}',
data__targetOrgUnit = '{{ targetOrgUnit }}',
data__customer = '{{ customer }}',
data__rank = {{ rank }},
data__ssoMode = '{{ ssoMode }}',
data__samlSsoInfo = '{{ samlSsoInfo }}',
data__oidcSsoInfo = '{{ oidcSsoInfo }}',
data__signInBehavior = '{{ signInBehavior }}'
WHERE 
inboundSsoAssignmentsId = '{{ inboundSsoAssignmentsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
done,
error,
metadata,
response;

`DELETE` examples

delete

Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has sso_mode == SSO_OFF.

DELETE FROM google.cloudidentity.inbound_sso_assignments
WHERE inboundSsoAssignmentsId = '{{ inboundSsoAssignmentsId }}' --required;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​