API endpoint to create SAML-based SSO user?
We are looking to explore integrating Sisense with SSO, specifically SAML-based auth through Auth0. I have been able to hook up Sisense (7.3) to Auth0, and when I navigate to the login page, it correctly routes me through the Auth0 authentication process. It even creates the user in Sisense automatically if it's the first time the user is logging into Sisense.
However, prior to enabling SSO, we have been using a process to create users/groups via the Sisense REST API. Unfortunately, I don't see anything in the REST API documents to automatically create users that can be linked to an SSO backed account.
As a way of comparison, a normally created user in Sisense (that uses username/password within Sisense) looks like the following when querying the /v1/users endpoint:
{
  "_id": "5cc7065ac05e7d1030cc7d8f",
  "roleId": "581264cba78c90f5311ef084",
  "userName": "<user_name>",
  "firstName": "<first_name>",
  "lastName": "<last_name>",
  "email": "<email>",
  "active": true,
  "created": "2019-04-29T14:12:42.904Z",
  "lastUpdated": "2019-04-29T14:12:42.904Z",
  "lastLogin": "2019-04-29T14:12:42.904Z",
  "preferences": {
    "language": ""
  }
}
In contrast, an SSO-enabled user (using SAML auth) looks like the following from the same endpoint:
{
  "_id": "5ceedc20e1abdc1828f58573",
  "roleId": "581264cba78c90f5311ef084",
  "userName": "<user_name>",
  "firstName": "<first_name>",
  "email": "<email>",
  "active": true,
  "created": "2019-05-29T19:23:12.629Z",
  "lastUpdated": "2019-05-29T19:23:12.629Z",
  "lastLogin": "2019-05-29T19:23:12.629Z",
  "createdSso": "saml"
}
Notice that there's a createdSso property that exists. In addition, when a user is created this way, it is automatically activated (no confirmation email is sent out).
Does anyone know how a user like this can be created in Sisense via the API?
-
Hi Rajiv,
I ran a quick test with the scenario you are trying to achieve. As long as the original Sisense-created user and the new SSO user have the same email address, you should be able to allow Sisense-created users to log in with SSO.
Test steps:
1. Create user with password in Sisense
2. Log into your Sisense site using the SSO URL (in this case, http://localhost:8081 redirects to our Dev SSO system)
3. See the user can log in and their dashboards are still preserved
4. Log into Sisense as an Admin and check to make sure there are not duplicates of the user (prove that it is the same user)
Note:
I'm thinking the main cleanup you'll need to do is to clear out the old passwords for these users. As far as I know, this cannot be achieved with the APIs, so you would need to delete the hashed password from MongoDB from the users.
Hope that helps,
Katie Garrison | Technical Solutions Consultant
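An offline check for step 4 of the test above, as an added example that is not part of the original reply and is not Sisense code: it takes records shaped like the /v1/users output quoted in the question, groups them by email, and reports duplicate addresses along with which accounts carry createdSso. The sample records, the audit_users name, and the case-insensitive email comparison are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the /v1/users records quoted in the question.
SAMPLE_USERS = json.loads("""
[
  {"_id": "a1", "userName": "alice", "email": "alice@example.com", "active": true},
  {"_id": "b2", "userName": "bob", "email": "bob@example.com", "active": true},
  {"_id": "b3", "userName": "bob@example.com", "email": "Bob@Example.com",
   "active": true, "createdSso": "saml"},
  {"_id": "c4", "userName": "carol", "email": "carol@example.com",
   "active": true, "createdSso": "saml"}
]
""")


def audit_users(users):
    """Group user records by email and classify them by the createdSso property."""
    by_email = defaultdict(list)
    for user in users:
        # Assumption: addresses are compared case-insensitively for this audit.
        by_email[user.get("email", "").strip().casefold()].append(user)

    report = {"duplicates": {}, "local_only": [], "sso_created": []}
    for email, records in sorted(by_email.items()):
        if len(records) > 1:
            # Several records for one address: the SSO login did not reuse
            # the existing user, so an admin should review these ids.
            report["duplicates"][email] = [r["_id"] for r in records]
        for record in records:
            if record.get("createdSso"):
                report["sso_created"].append(record["_id"])
            else:
                # No createdSso property: created with a Sisense password,
                # so a candidate for the password cleanup in the note above.
                report["local_only"].append(record["_id"])
    return report


if __name__ == "__main__":
    print(json.dumps(audit_users(SAMPLE_USERS), indent=2))
```

To use it on real data, replace SAMPLE_USERS with the saved JSON from the /v1/users endpoint.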