The newSamlIdentityProvider() GraphQL mutation may be used to add a new SAML identity provider in LogScale.

For more information on SAML, see the Configuration & Authentication with SAML documentation page. You may also want to look at Authentication & Identity Providers for related information.

Syntax

Below is the syntax for the newSamlIdentityProvider() mutation field:

graphql
newSamlIdentityProvider(
     id: string
     name: string!
     signOnUrl: string!
     idpCertificateInBase64: string!
     idpEntityId: string!
     domains: [string!]!
     groupMembershipAttribute: string
     userAttribute: string
     enableDebug: boolean
     adminAttribute: string
     adminAttributeMatch: string
   ): SamlIdentityProvider!

Returned Datatypes

The returned datatype SamlIdentityProvider has its own parameters. Below is a list of them along with their datatypes and a description of each:

Table: SamlIdentityProvider

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
adminAttributestring  This field is for internal use only by LogScale.
adminAttributeMatchstring  This field is for internal use only by LogScale.
alternativeIdpCertificateInBase64string  An alternative IdP certificate using Base64 encoding.
authenticationMethodAuthenticationMethodAuth  The authentication method used. See AuthenticationMethodAuth.
debugbooleanyes Whether debugging is enabled.
defaultIdpbooleanyes Whether the identity service provider is the default.
domains[string]yes The domains of the SAML identity provider.
groupMembershipAttributestring  The saml attribute used to extract groups from when receiving the SamlResponse from the IDP. The groups from the response will be used to synchronize the membership of groups in LogScale. The group name and external provider name of the group are matched in LogScale.
humioManagedbooleanyes Where SAML authentication is managed by LogScale.
idstringyes The unique identifier for the SAML installation.
idpCertificateInBase64stringyes The identity provider's certificated converted to Base64.
idpEntityIdstringyes The unique identifier of the IDP entity.
lazyCreateUsersbooleanyes Whether to wait to create users until necessary.
namestringyes The name of the SAML identity provider.
signOnUrlstringyes The URL of where the sign on page is located.
userAttributestring  This is the saml attribute from which to extract username when receiving the SamlResponse from the IDP. If not specified, the default saml:NameID will be used.