AWS SSO Identity Store

2020/08/18 - AWS SSO Identity Store - 4 new api methods

Changes  AWS Single Sign-On (SSO) Identity Store service provides an interface to retrieve all of your users and groups. It enables entitlement management per user or group for AWS SSO and other IDPs.

ListGroups (new) Link ¶

Lists the attribute name and value of the group that you specified in the search. We only support DisplayName as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including GroupId and group DisplayName in the response.

See also: AWS API Documentation

Request Syntax

client.list_groups(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
type IdentityStoreId

string

param IdentityStoreId

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request, which is used in the ListUsers and ListGroups request to specify how many results to return in one page. The length limit is 50 characters.

type NextToken

string

param NextToken

The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.

type Filters

list

param Filters

A list of Filter objects, which is used in the ListUsers and ListGroups request.

  • (dict) --

    A query filter used by ListUsers and ListGroup . This filter object provides the attribute name and attribute value to search users or groups.

    • AttributePath (string) -- [REQUIRED]

      The attribute path used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    • AttributeValue (string) -- [REQUIRED]

      Represents the data for an attribute. Each attribute value is described as a name-value pair.

rtype

dict

returns

Response Syntax

{
    'Groups': [
        {
            'GroupId': 'string',
            'DisplayName': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Groups (list) --

      A list of Group objects in the identity store.

      • (dict) --

        A group object, which contains a specified group’s metadata and attributes.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • DisplayName (string) --

          Contains the group’s display name value. The length limit is 1024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space and non breaking space in this attribute. The characters “<>;:%” are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.

DescribeUser (new) Link ¶

Retrieves the user metadata and attributes from UserId in an identity store.

See also: AWS API Documentation

Request Syntax

client.describe_user(
    IdentityStoreId='string',
    UserId='string'
)
type IdentityStoreId

string

param IdentityStoreId

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

type UserId

string

param UserId

[REQUIRED]

The identifier for a user in the identity store.

rtype

dict

returns

Response Syntax

{
    'UserName': 'string',
    'UserId': 'string'
}

Response Structure

  • (dict) --

    • UserName (string) --

      Contains the user’s username value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers and punctuation. The characters “<>;:%” are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    • UserId (string) --

      The identifier for a user in the identity store.

DescribeGroup (new) Link ¶

Retrieves the group metadata and attributes from GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

client.describe_group(
    IdentityStoreId='string',
    GroupId='string'
)
type IdentityStoreId

string

param IdentityStoreId

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

type GroupId

string

param GroupId

[REQUIRED]

The identifier for a group in the identity store.

rtype

dict

returns

Response Syntax

{
    'GroupId': 'string',
    'DisplayName': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • DisplayName (string) --

      Contains the group’s display name value. The length limit is 1024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space and non breaking space in this attribute. The characters “<>;:%” are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

ListUsers (new) Link ¶

Lists the attribute name and value of the user that you specified in the search. We only support UserName as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including UserId and UserName in the response.

See also: AWS API Documentation

Request Syntax

client.list_users(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
type IdentityStoreId

string

param IdentityStoreId

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request, which is used in the ListUsers and ListGroups request to specify how many results to return in one page. The length limit is 50 characters.

type NextToken

string

param NextToken

The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.

type Filters

list

param Filters

A list of Filter objects, which is used in the ListUsers and ListGroups request.

  • (dict) --

    A query filter used by ListUsers and ListGroup . This filter object provides the attribute name and attribute value to search users or groups.

    • AttributePath (string) -- [REQUIRED]

      The attribute path used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    • AttributeValue (string) -- [REQUIRED]

      Represents the data for an attribute. Each attribute value is described as a name-value pair.

rtype

dict

returns

Response Syntax

{
    'Users': [
        {
            'UserName': 'string',
            'UserId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Users (list) --

      A list of User objects in the identity store.

      • (dict) --

        A user object, which contains a specified user’s metadata and attributes.

        • UserName (string) --

          Contains the user’s username value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers and punctuation. The characters “<>;:%” are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

        • UserId (string) --

          The identifier for a user in the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.