newSamlIdentityProvider()

API Stability	`Long-Term`

The newSamlIdentityProvider() GraphQL mutation may be used to add a new SAML identity provider in LogScale.

For more information on SAML, see the Configuration & Authentication with SAML documentation page. You may also want to look at Authentication & Identity Providers for related information.

Syntax

Below is the syntax for the newSamlIdentityProvider() mutation field:

graphql

newSamlIdentityProvider(
     id: string,
     name: string!,
     signOnUrl: string!,
     idpCertificateInBase64: string!,
     idpEntityId: string!,
     domains: [string!]!,
     groupMembershipAttribute: string,
     userAttribute: string,
     enableDebug: boolean,
     adminAttribute: strin,g
     adminAttributeMatch: string,
     defaultIdp: Boolean,
     humioOwned: Boolean,
     lazyCreateUsers: Boolean,
     alternativeIdpCertificateInBase64: string
   ): SamlIdentityProvider!

The adminAttribute, adminAttributeMatch, and humioOwned parameters are used internally by CrowdStrike administrators.

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
  newSamlIdentityProvider(
     name: "Samuel-IDP",
     signOnUrl: "https://my.samlidp.com",
     idpCertificateInBase64: "12345678",
     idpEntityId: "abc123",
     domains: ["humio"]
  )
  { id }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  newSamlIdentityProvider( ^
     name: \"Samuel-IDP\", ^
     signOnUrl: \"https://my.samlidp.com\", ^
     idpCertificateInBase64: \"12345678\", ^
     idpEntityId: \"abc123\", ^
     domains: [\"humio\"] ^
  ) ^
  { id } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  newSamlIdentityProvider(
     name: \"Samuel-IDP\",
     signOnUrl: \"https://my.samlidp.com\",
     idpCertificateInBase64: \"12345678\",
     idpEntityId: \"abc123\",
     domains: [\"humio\"]
  )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    SOMETHING
    }
  }
}

Returned Datatypes

The returned datatype SamlIdentityProvider has many parameters. Below is a list of them and a description of each:

Table: SamlIdentityProvider

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 17, 2025
`adminAttribute`	string		`Long-Term`	This field is for internal use only by LogScale.
`adminAttributeMatch`	string		`Long-Term`	This field is for internal use only by LogScale.
`alternativeIdpCertificateInBase64`	string		`Long-Term`	An alternative IdP certificate using Base64 encoding.
`authenticationMethod`	`AuthenticationMethodAuth`	yes	`Long-Term`	The authentication method used. See `AuthenticationMethodAuth`.
`debug`	boolean	yes	`Long-Term`	Whether debugging is enabled.
`defaultIdp`	boolean	yes	`Long-Term`	Whether the identity service provider is the default.
`domains`	[string]	yes	`Long-Term`	The domains of the SAML identity provider.
`groupMembershipAttribute`	string		`Long-Term`	The saml attribute used to extract groups from when receiving the SamlResponse from the IDP. The groups from the response will be used to synchronize the membership of groups in LogScale. The group name and external provider name of the group are matched in LogScale.
`humioManaged`	boolean	yes	`Long-Term`	Where SAML authentication is managed by LogScale.
`id`	string	yes	`Long-Term`	The unique identifier for the SAML installation.
`idpCertificateInBase64`	string	yes	`Long-Term`	The identity provider's certificated converted to Base64.
`idpEntityId`	string	yes	`Long-Term`	The unique identifier of the IDP entity.
`lazyCreateUsers`	boolean	yes	`Long-Term`	Whether to wait to create users until necessary.
`name`	string	yes	`Long-Term`	The name of the SAML identity provider.
`signOnUrl`	string	yes	`Long-Term`	The URL of where the sign on page is located.
`userAttribute`	string		`Long-Term`	This is the saml attribute from which to extract username when receiving the `SamlResponse` from the IDP. If not specified, the default `saml:NameID` will be used.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes