Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Identity and Access Management
  • Getting started
    • How to manage access to resources
    • How to work with service accounts
  • Step-by-step instructions
    • All instructions
    • Users
      • Adding users
      • Getting user ID or email
      • Deleting a user
    • Service accounts
      • Creating a service account
      • Updating a service account
      • Assigning roles to a service account
      • Setting up access rights for a service account
      • Creating static access keys
      • Getting the service account ID
      • Deleting service accounts
    • Identity federations
      • Authentication using Active Directory
      • Authentication using G Suite
      • Authentication using an identity federation
      • Adding users
    • Roles
      • Assigning roles
      • Viewing assigned roles
      • Revoking roles
    • IAM tokens
      • Getting an IAM token for a Yandex account
      • Getting an IAM token for a service account
      • Getting an IAM token for a federated account
    • Keys
      • Creating API keys
      • Deleting API keys
      • Creating authorized keys
  • Concepts
    • Overview
    • How access management works
      • Overview
      • Roles
      • System groups
      • Resources that roles can be assigned for
    • Authorization
      • Overview
      • IAM token
      • OAuth token
      • API key
      • Authorized keys
      • AWS-compatible access keys
    • Service accounts
    • SAML-compatible identity federations
    • Quotas and limits
  • How to use Yandex.Cloud securely
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ApiKeyService
      • IamTokenService
      • KeyService
      • RoleService
      • ServiceAccountService
      • UserAccountService
      • YandexPassportUserAccountService
      • AccessKeyService
      • CertificateService
      • FederationService
      • OperationService
    • REST
      • Overview
      • ApiKey
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • IamToken
        • Overview
        • create
      • Key
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • Role
        • Overview
        • get
        • list
      • ServiceAccount
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • setAccessBindings
        • update
        • updateAccessBindings
      • UserAccount
        • Overview
        • get
      • YandexPassportUserAccount
        • Overview
        • getByLogin
      • Operation
        • Overview
        • get
      • Federation
        • Overview
        • update
        • list
        • listUserAccounts
        • get
        • delete
        • addUserAccounts
        • create
        • listOperations
      • Certificate
        • Overview
        • update
        • list
        • get
        • delete
        • create
        • listOperations
      • AccessKey
        • Overview
        • update
        • list
        • get
        • delete
        • create
        • listOperations
  • Questions and answers
    • General questions
    • Logging in and accessing resources
    • All questions on the same page
  1. API reference
  2. REST
  3. Federation
  4. get

Method get

  • HTTP request
  • Path parameters
  • Response

Returns the specified federation.

To get the list of available federations, make a list request.

HTTP request

GET https://iam.api.cloud.yandex.net/iam/v1/saml/federations/{federationId}

Path parameters

Parameter Description
federationId ID of the federation to return. To get the federation ID, make a list request. The maximum string length in characters is 50.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "folderId": "string",
  "name": "string",
  "description": "string",
  "createdAt": "string",
  "cookieMaxAge": "string",
  "autoCreateAccountOnLogin": true,
  "issuer": "string",
  "ssoBinding": "string",
  "ssoUrl": "string",
  "securitySettings": {
    "encryptedAssertions": true
  },
  "caseInsensitiveNameIds": true
}

A federation.
For more information, see SAML-compatible identity federations.

Field Description
id string

Required. ID of the federation.

The maximum string length in characters is 50.

folderId string

Required. ID of the folder that the federation belongs to.

The maximum string length in characters is 50.

name string

Required. Name of the federation.

Value must match the regular expression \|[a-z][-a-z0-9]{1,61}[a-z0-9].

description string

Description of the federation.

The maximum string length in characters is 256.

createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.

cookieMaxAge string

Browser cookie lifetime in seconds. If the cookie is still valid, the management console authenticates the user immediately and redirects them to the home page.

Acceptable values are 600 seconds to 43200 seconds, inclusive.

autoCreateAccountOnLogin boolean (boolean)

Add new users automatically on successful authentication. The user will get the resource-manager.clouds.member role automatically, but you need to grant other roles to them.

If the value is false, users who aren't added to the cloud can't log in, even if they have authenticated on your server.

issuer string

Required. ID of the IdP server to be used for authentication. The IdP server also responds to IAM with this ID after the user authenticates.

The maximum string length in characters is 8000.

ssoBinding string

Single sign-on endpoint binding type. Most Identity Providers support the POST binding type.

SAML Binding is a mapping of a SAML protocol message onto standard messaging formats and/or communications protocols.

  • POST: HTTP POST binding.
  • REDIRECT: HTTP redirect binding.
  • ARTIFACT: HTTP artifact binding.
ssoUrl string

Required. Single sign-on endpoint URL. Specify the link to the IdP login page here.

The maximum string length in characters is 8000.

securitySettings object

Federation security settings.

Federation security settings.

securitySettings.
encryptedAssertions
boolean (boolean)

Enable encrypted assertions.

caseInsensitiveNameIds boolean (boolean)

Use case insensitive Name IDs.

In this article:
  • HTTP request
  • Path parameters
  • Response
Language
Careers
Privacy policy
Terms of use
© 2021 Yandex.Cloud LLC