REST Interface for External User Info Endpoint
Audience: System Administrators
Content Summary: If your organization uses one system for authentication and has another system that contains attributes that must be added to users in Immuta to grant access to data, you can implement an interface that adds attributes to users whenever they log in to Immuta.
The system queries the configurable endpoint when users log in with their `userid` and then merges the response with the groups and attributes returned from the IAM.
For instructions on how to configure an external user endpoint, see Configuring an External User Info Endpoint.
Authentication
The service can authenticate requests with either or both of the following methods:
- Basic username and password `Authorization` header
- SSL cert validation
For more information, please refer to Configuring an External User Info Endpoint.
Note: Immuta will expect non-200 error codes when the user info cannot be retrieved.
GET /user-info
The user info endpoint will be called each time Immuta needs to synchronize with a remote IAM on user groups and authorizations. Immuta will query the endpoint with the user ID specified in the request's query.
Note: The endpoint's path does not necessarily have to be `/user-info`.
Parameters
Name | Located in | Description | Required | Schema |
---|---|---|---|---|
userid | query | The unique user identifier (username in Immuta) | Yes | string |
Responses
Code | Description |
---|---|
200 | successful operation - user info retrieved successfully |
Response Schema
Name | Example |
---|---|
groups | [{"name": "<group_name>"}] |
authorizations | {"<authorization_name>": ["<value>"]} |
Below is an example value that could be returned by the endpoint:
{
  "groups": [{
    "name": "Accountants"
  }, {
    "name": "Controllers"
  }],
  "authorizations": {
    "EMEA": ["Sales", "Expenses"],
    "APAC": ["Sales"]
  }
}