mirror of
https://github.com/GAM-team/GAM.git
synced 2026-06-22 15:11:37 +00:00
f0d984c693
Some checks failed
Push wiki / pushwiki (push) Has been cancelled
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
196 lines
8.5 KiB
Markdown
196 lines
8.5 KiB
Markdown
# Inbound SSO
|
|
- [Setup SSO](https://support.google.com/a/answer/12032922)
|
|
- [Admin Console](https://admin.google.com/ac/security/sso)
|
|
- [API documentation](#api-documentation)
|
|
- [Definitions](#definitions)
|
|
- [Setup SSO](#setupsso)
|
|
- [Manage profiles](#manage-profiles)
|
|
- [Display profiles](#display-profiles)
|
|
- [Manage credentials](#manage-credentials)
|
|
- [Display credentials](#display-credentials)
|
|
- [Manage assignments](#manage-assignments)
|
|
- [Display assignments](#display-assignments)
|
|
|
|
## API documentation
|
|
* [Cloud Identity API - Inbound SAML SSO Profiles](https://cloud.google.com/identity/docs/reference/rest/v1beta1/inboundSamlSsoProfiles)
|
|
* [Cloud Identity API - Inbound SAML SSO Profiles idp Credentials](https://cloud.google.com/identity/docs/reference/rest/v1beta1/inboundSamlSsoProfiles.idpCredentials)
|
|
* [Cloud Identity API - Inbound OIDC SSO Profiles](https://cloud.google.com/identity/docs/reference/rest/v1beta1/inboundOidcSsoProfiles)
|
|
* [Cloud Identity API - Inbound SSO Assignments](https://cloud.google.com/identity/docs/reference/rest/v1beta1/inboundSsoAssignments)
|
|
|
|
## Definitions
|
|
```
|
|
<DomainName> ::= <String>(.<String>)+
|
|
<EmailAddress> ::= <String>@<DomainName>
|
|
<FileName> ::= <String>
|
|
<OrgUnitPath> ::= /|(/<String>)+
|
|
|
|
<SSOProfileDisplayName> ::= <String>
|
|
<SSOProfileName> ::= id:inboundSamlSsoProfiles/<String>
|
|
<SSOProfileItem> ::= <SSOProfileDisplayName>|<SSOProfileName>
|
|
<SSOProfileItemList> ::= "<SSOProfileItem>(,<SSOProfileItem>)*"
|
|
|
|
<SSOCredentialsName> ::= [id:]inboundSamlSsoProfiles/<String>/idpCredentials/<String>
|
|
|
|
<SSOAssignmentName> ::= [id:]inboundSsoAssignments/<String>
|
|
<SSOAssignmentSelector> ::=
|
|
<SSOAssignmentName> |
|
|
groups/<String> |
|
|
group:<EmailAddress> |
|
|
orgunits/<String> |
|
|
orgunit:<OrgUnitPath>
|
|
```
|
|
## Manage profiles
|
|
```
|
|
gam create inboundssoprofile [saml|oidc] [name <SSOProfileDisplayName>]
|
|
[entityid <String>] [loginurl <URL>] [logouturl <URL>] [changepasswordurl <URL>]
|
|
[returnnameonly]
|
|
gam update inboundssoprofile [saml|oidc] <SSOProfileItem>
|
|
[entityid <String>] [loginurl <URL>] [logouturl <URL>] [changepasswordurl <URL>]
|
|
[returnnameonly]
|
|
```
|
|
Select type of profile:
|
|
* `saml` - SAML profile; this is the default
|
|
* `oidc` - OIDC profile
|
|
|
|
By default, all fields of the created|updated profile are displayed;
|
|
use the `returnnameonly` option to have GAM display just the profile name of the created|updated profile.
|
|
This will be useful in scripts that create|update a profile and then want to perform subsequent GAM commands that
|
|
reference the profile.
|
|
|
|
If `returnnameonly` is specified, `inProgress` is returned if the API does not return a complete result.
|
|
|
|
```
|
|
gam delete inboundssoprofile [saml|oidc] <SSOProfileItem>
|
|
```
|
|
Select type of profile:
|
|
* `saml` - SAML profile; this is the default
|
|
* `oidc` - OIDC profile
|
|
|
|
## Display profiles
|
|
Display a specific profile.
|
|
```
|
|
gam info inboundssoprofile [all|saml|oidc] <SSOProfileItem>
|
|
[formatjson]
|
|
```
|
|
Select type of profile:
|
|
* `all` - All profiles are displayed; this is the default
|
|
* `saml` - SAML profile
|
|
* `oidc` - OIDC profile
|
|
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display profiles.
|
|
```
|
|
gam show inboundssoprofiles [all|saml|oidc]
|
|
[formatjson]
|
|
```
|
|
Select profiles to display:
|
|
* `all` - All profiles are displayed; this is the default
|
|
* `saml` - Display SAML profiles
|
|
* `oidc` - Display OIDC profiles
|
|
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display profiles in a CSV file.
|
|
```
|
|
gam print inboundssoprofiles [all|saml|oidc] [todrive <ToDriveAttribute>*]
|
|
[[formatjson [quotechar <Character>]]
|
|
```
|
|
Select profiles to display:
|
|
* `all` - All profiles are displayed; this is the default
|
|
* `saml` - Display SAML profiles
|
|
* `oidc` - Display OIDC profiles
|
|
|
|
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
|
|
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
|
|
When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
|
|
The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
|
|
`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
|
|
|
|
## Manage credentials
|
|
```
|
|
gam create inboundssocredential profile <SSOProfileItem>
|
|
(pemfile <FileName>)|(generatekey [keysize 1024|2048|4096]) [replaceolddest]
|
|
gam delete inboundssocredential <SSOCredentialsName>
|
|
```
|
|
|
|
## Display credentials
|
|
Display a specific credential.
|
|
```
|
|
gam info inboundssocredential <SSOCredentialsName>
|
|
[formatjson]
|
|
```
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display all credentials.
|
|
```
|
|
gam show inboundssocredentials [profile|profiles <SSOProfileItemList>]
|
|
[formatjson]
|
|
```
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display all credentials in a CSV file.
|
|
```
|
|
gam print inboundssocredentials [profile|profiles <SSOProfileItemList>]
|
|
[[formatjson [quotechar <Character>]]
|
|
```
|
|
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
|
|
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
|
|
When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
|
|
The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
|
|
`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
|
|
|
|
## Manage assignments
|
|
```
|
|
gam create inboundssoassignment
|
|
(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)
|
|
(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled)
|
|
[neverredirect]
|
|
gam update inboundssoassignment <SSOAssignmentName>
|
|
[(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)]
|
|
[(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled)]
|
|
[neverredirect]
|
|
gam delete inboundssoassignment <SSOAssignmentSelector>
|
|
```
|
|
|
|
## Display assignments
|
|
Display a specific assignment.
|
|
```
|
|
gam info inboundssoassignment <SSOAssignmentSelector>
|
|
[formatjson]
|
|
```
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display all assignments.
|
|
```
|
|
gam show inboundssoassignments
|
|
[formatjson]
|
|
```
|
|
By default, Gam displays the information as an indented list of keys and values.
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
Display all assignments in a CSV file.
|
|
```
|
|
gam print inboundssoassignments [todrive <ToDriveAttribute>*]
|
|
[[formatjson [quotechar <Character>]]
|
|
```
|
|
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
|
|
* `formatjson` - Display the fields in JSON format.
|
|
|
|
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
|
|
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
|
|
When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
|
|
The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
|
|
`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
|