Resource: InboundSsoAssignment
Targets with "set" SSO assignments and their respective assignments.
JSON representation |
---|
{ "name": string, "customer": string, "rank": integer, "ssoMode": enum ( |
Fields | |
---|---|
name |
Output only. Resource name of the Inbound SSO Assignment. |
customer |
Immutable. The customer. For example: |
rank |
Must be zero (which is the default value so it can be omitted) for assignments with |
sso |
Inbound SSO behavior. |
saml |
SAML SSO details. Must be set if and only if |
sign |
Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration. |
Union field When multiple assignments apply to a given user, precedence is as follows: 1) The applicable group-targeting assignment with the numerically-lowest 2) If no group-targeting assignments apply, the applicable orgUnit-targeting assignment on the innermost-enclosing Organizational Unit takes precedence.
|
|
target |
Immutable. Must be of the form |
target |
Immutable. Must be of the form |
SsoMode
Inbound SSO behaviors.
Enums | |
---|---|
SSO_MODE_UNSPECIFIED |
Not allowed. |
SSO_OFF |
Disable SSO for the targeted users. |
SAML_SSO |
Use an external SAML Identity Provider for SSO for the targeted users. |
DOMAIN_WIDE_SAML_IF_ENABLED |
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF . Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF . |
SamlSsoInfo
Details that are applicable when ssoMode
== SAML_SSO
.
JSON representation |
---|
{ "inboundSamlSsoProfile": string } |
Fields | |
---|---|
inbound |
Required. Name of the |
SignInBehavior
Controls sign-in behavior.
JSON representation |
---|
{
"redirectCondition": enum ( |
Fields | |
---|---|
redirect |
When to redirect sign-ins to the IdP. |
RedirectCondition
Controls redirection to the IdP.
Enums | |
---|---|
REDIRECT_CONDITION_UNSPECIFIED |
Default and means "always" |
NEVER |
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity. |
Methods |
|
---|---|
|
Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit . |
|
Deletes an InboundSsoAssignment . |
|
Gets an InboundSsoAssignment . |
|
Lists the InboundSsoAssignment s for a Customer . |
|
Updates an InboundSsoAssignment . |