Configuring impersonation with Management API - SSO
In case of client credentials grant in the authorized access use case, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant reference - SSO.
Impersonation is configured as a specific link between the application and the user.
NOTE that if an application impersonates a user which is deleted from the system also the link will be removed. A new user must be linked to the application to make client credentials grant authorized access use case functional again.
About SSO Management API in general, see Management API - SSO.
Manage impersonation from application side
Link name: impersonateAs
An application may have one impersonateAs
link to one user.
Method | Example request | Example response | Description |
---|---|---|---|
GET |
| When there is a link to {
"type": "application",
"id": "/application/Example/client1",
"objects": [
{
"type": "user",
"id": "/user/Example/user1",
"link": "impersonateAs"
}
]
} | Get the user linked to the given application with an |
PUT |
| {
"type": "application",
"id": "/application/Example/client1",
"objects": [
{
"type": "user",
"id": "/user/Example/user1",
"link": "impersonateAs"
}
]
} | Create or update the link from application to the user. No action if the link between the given application and user already exists. If another user name is given an existing |
DELETE |
| {
"type": "application",
"id": "/application/Example/client1"
} | Remove the link from application to the user. |
Manage impersonation from user side
Link name: impersonatedBy
The same user may have impersonatedBy
links to several applications.
Method | Example request | Example response | Description |
---|---|---|---|
GET |
| When there is a link to both | Get the applications linked to the given user with an |
PUT |
| Create or update the link from user to an application. No action if a link between the given user and application already exists. If another application name is given an existing | |
DELETE |
| Remove the link from user to the application. |
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.