If you are using Federated Authentication mechanisms, this API allows you to automatically map groups of users to roles in Datadog using attributes sent from your Identity Provider. To create and manage Authentication Mappings through the API, users need to use an application key owned by someone with the Access Management permission.
Note: If you are a SAML user, Datadog strongly recommends that you transition to using this API.
You can also create and manage mappings in the Datadog UI, on the Mappings tab in User Management. See SAML group mapping for more information.
role["data"]["id"] [required, no default]:
The ID of the Role to map to. The Roles API can be used to create and manage Datadog roles, what global permissions they grant, and which users belong to them.
Note: This attribute should be presented as part of a role relationship block in requests. See the example below for more details. When you create a Role, it is assigned an ID. For more information about finding the ID for the role you want to map to, see the Role API documentation.
attributes["attribute_key"] [required, no default]:
The attribute_key is the key portion of a key/value pair that represents an attribute sent from your Identity Provider. You can define these for your own use case. For example, attribute_key could be member-of and the attribute_value could be Development.
attributes["attribute_value"] [required, no default]:
The attribute_value is the value portion of a key/value pair that represents an attribute sent from your Identity Provider. You can define these for your own use case. For example, attribute_key could be member-of and the attribute_value could be Development.
sort [optional, default=created_at]:
Sort attribute and direction—defaults to ascending order, -<attribute> sorts in descending order. Can also sort on relationship attributes role.name, saml_assertion_attribute.attribute_key, saml_assertion_attribute.attribute_value.
page[number] [optional, default=0, minimum=0]:
The page of results to return.
page[size] [optional, default=10]:
The number of results to return on each page.
filter [optional, default=none]:
Filter by tags as strings. For example, Billing Users.
{authn_mapping_id} [required, no default]:
Replace {authn_mapping_id} with the ID of the AuthN Mapping you want to update. This is required in both the path of the request and the body of the request.
role["data"]["id"] [optional, default=none]:
The ID of the Role to map to. The Roles API can be used to create and manage Datadog roles, what global permissions they grant, and which users belong to them.
Note: This attribute should be presented as part of a role relationship block in requests. See the example below for more details. When you create a Role, it is assigned an ID. For more information about finding the ID for the role you want to map to, see the Role API documentation.
attributes["attribute_key"] [optional, default=none]:
The attribute_key is the key portion of a key/value pair that represents an attribute sent from your Identity Provider. You can define these for your own use case. For example, attribute_key could be member-of and the attribute_value could be Development.
attributes["attribute_value"] [optional, default=none]:
The attribute_value is the value portion of a key/value pair that represents an attribute sent from your Identity Provider. You can define these for your own use case. For example, attribute_key could be member-of and the attribute_value could be Development.
When mappings are enabled, all users logging in with SAML are stripped of their roles and reassigned roles based on the values in their SAML assertion. It's important to confirm you are receiving the expected SAML assertions in your login before enabling the mapping enforcement.
Enables/disables the enforcement of all AuthN Mappings.
