The newSamlIdentityProvider() GraphQL mutation may be used to add a new SAML identity provider in LogScale.

For more information on SAML, see the Configuration & Authentication with SAML documentation page. You may also want to look at Authentication & Identity Providers for related information.

Syntax

Below is the syntax for the newSamlIdentityProvider() mutation field:

graphql
newSamlIdentityProvider(
     id: string
     name: string!
     signOnUrl: string!
     idpCertificateInBase64: string!
     idpEntityId: string!
     domains: [string!]!
     groupMembershipAttribute: string
     userAttribute: string
     enableDebug: boolean
     adminAttribute: string
     adminAttributeMatch: string
   ): SamlIdentityProvider!

Returned Datatypes

The returned datatype SamlIdentityProvider has its own parameters. Below is a list of them along with their datatypes and a description of each:

Table: SamlIdentityProvider

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Oct 3, 2024
adminAttributestring   This field is for internal use only by LogScale.
adminAttributeMatchstring   This field is for internal use only by LogScale.
alternativeIdpCertificateInBase64string   An alternative IdP certificate using Base64 encoding.
authenticationMethodAuthenticationMethodAuth   The authentication method used. See AuthenticationMethodAuth.
debugbooleanyes  Whether debugging is enabled.
defaultIdpbooleanyes  Whether the identity service provider is the default.
domains[string]yes  The domains of the SAML identity provider.
groupMembershipAttributestring   The saml attribute used to extract groups from when receiving the SamlResponse from the IDP. The groups from the response will be used to synchronize the membership of groups in LogScale. The group name and external provider name of the group are matched in LogScale.
humioManagedbooleanyes  Where SAML authentication is managed by LogScale.
idstringyes  The unique identifier for the SAML installation.
idpCertificateInBase64stringyes  The identity provider's certificated converted to Base64.
idpEntityIdstringyes  The unique identifier of the IDP entity.
lazyCreateUsersbooleanyes  Whether to wait to create users until necessary.
namestringyes  The name of the SAML identity provider.
signOnUrlstringyes  The URL of where the sign on page is located.
userAttributestring   This is the saml attribute from which to extract username when receiving the SamlResponse from the IDP. If not specified, the default saml:NameID will be used.