AtlanSSO: manage SSO group mapping

Use AtlanSSO in the Atlan Python SDK to programmatically manage SSO group mappings between your identity provider and Atlan groups.

You can use the SDK's SSO client to manage your SSO group mapping in Atlan.

Create new group mapping

To create a new SSO group mapping:

Java

Coming soon

Python

Create a new SSO group mapping

from pyatlan.client.atlan import AtlanClient
from pyatlan.model.enums import AtlanSSO

client = AtlanClient()

atlan_group = client.group.get_by_name("atlan-group") # (1)
atlan_group = atlan_group.records[0]

response = client.sso.create_group_mapping( # (2)
    sso_alias=AtlanSSO.AZURE_AD,
    atlan_group=atlan_group,
    sso_group_name="sso_group_name",
)

1. Begin by retrieving the Atlan group for which you wish to create a group mapping. In this example, we retrieve an existing Atlan group by its name.

2. To create a new group mapping, provide the following:

   • name of the SSO provider.
   • existing Atlan group.
   • name of the existing SSO group.

Kotlin

Coming soon

Raw REST API

POST /api/service/idp/azure/mappers

{
   "identityProviderAlias": "azure", // (1)
   "identityProviderMapper": "saml-group-idp-mapper",
   "name": "0d9b0028-513c-4536-af90-d594ef2d549c--1713772147406",  // (2)
   "config": {
       "syncMode": "FORCE",
       "attributes": "[]",
       "are.attribute.values.regex": "",
       "attribute.name": "memberOf",
       "group": "atlan_group_name",  // (3)
       "attribute.value": "sso_group_name"  // (4)
   }
}

1. Specify the SSO provider; here, we create group mapping for Azure AD SSO.
2. Set the group mapping name in the format <atlan_group_id>--<epoch_timestamp>.
3. Provide the name of the existing Atlan group.
4. Provide the name of the existing SSO group.

Retrieve group mapping

Retrieve group mapping by ID

To retrieve an existing SSO group mapping:

Java

Coming soon

Python

Retrieve an existing SSO group mapping

from pyatlan.client.atlan import AtlanClient
from pyatlan.model.enums import AtlanSSO

client = AtlanClient()

response = client.sso.get_group_mapping( # (1)
    sso_alias=AtlanSSO.AZURE_AD,
    group_map_id="0637576a-5419-40d7-b6cb-fe5841b1da4b",
)

1. To retrieve an existing group mapping, provide the following:

   • name of the SSO provider.
   • existing SSO group map identifier.

Kotlin

Coming soon

Raw REST API

All details are present the URL itself

Note that you need to specify the SSO alias and map identifier directly in the URL. For this example, we're retrieving a group mapping for Azure AD SSO.

Retrieve all group mappings

To retrieve all existing SSO group mappings:

Java

Coming soon

Python

Retrieve all existing SSO group mappings

from pyatlan.client.atlan import AtlanClient
from pyatlan.model.enums import AtlanSSO

client = AtlanClient()

response = client.sso.get_all_group_mappings(sso_alias=AtlanSSO.AZURE_AD) # (1)

1. To retrieve all existing group mappings, you need to provide the name of the SSO provider. Here, we're retrieving all group mappings for Azure AD SSO.

Kotlin

Coming soon

Raw REST API

All details are present the URL itself

Note that you need to specify the SSO alias directly in the URL. For this example, we're retrieving all group mappings for Azure AD SSO.

Update existing group mapping

To update an existing SSO group mapping:

Java

Coming soon

Python

Update an existing SSO group mapping

from pyatlan.client.atlan import AtlanClient
from pyatlan.model.enums import AtlanSSO

client = AtlanClient()

atlan_group = client.group.get_by_name("atlan-group") # (1)
atlan_group = atlan_group.records[0]

response = client.sso.update_group_mapping( # (2)
    sso_alias=AtlanSSO.AZURE_AD,
    atlan_group=atlan_group,
    group_map_id="0637576a-5419-40d7-b6cb-fe5841b1da4b",
    sso_group_name="sso_group_name_updated",
)

1. Begin by retrieving the Atlan group for which you wish to update a group mapping. In this example, we retrieve an existing Atlan group by its name.

2. To update an existing group mapping, provide the following:

   • name of the SSO provider.
   • existing Atlan group.
   • existing SSO group map identifier.
   • updated name of the existing SSO group.

Kotlin

Coming soon

Raw REST API

POST /api/service/idp/azure/mappers/0637576a-5419-40d7-b6cb-fe5841b1da4b

{
   "identityProviderAlias": "azure", // (1)
   "identityProviderMapper": "saml-group-idp-mapper",
   "id": "0637576a-5419-40d7-b6cb-fe5841b1da4b", // (2)
   "name": "0d9b0028-513c-4536-af90-d594ef2d549c--1713772147406",  // (3)
   "config": {
       "syncMode": "FORCE",
       "attributes": "[]",
       "are.attribute.values.regex": "",
       "attribute.name": "memberOf",
       "group": "atlan_group_name",  // (4)
       "attribute.value": "sso_group_name_updated"  // (5)
   }
}

1. Specify the SSO provider; here, we update group mapping for Azure AD SSO.
2. Specify the existing SSO group map identifier.
3. Specify the name of the existing SSO group map.
4. Provide the name of the existing Atlan group.
5. Provide the updated name of the existing SSO group.

Delete group mapping

To delete an existing SSO group mapping:

Java

Coming soon

Python

Delete an existing SSO group mapping

from pyatlan.client.atlan import AtlanClient
from pyatlan.model.enums import AtlanSSO

client = AtlanClient()

response = client.sso.delete_group_mapping( # (1)
    sso_alias=AtlanSSO.AZURE_AD,
    group_map_id="0637576a-5419-40d7-b6cb-fe5841b1da4b"
)

1. To delete an existing group mapping, you need to provide the SSO alias and map identifier. Here, we're deleting the group mapping for Azure AD SSO.

Kotlin

Coming soon

Raw REST API

All details are present the URL itself

Note that you need to specify the SSO alias and map identifier directly in the URL. For this example, we're deleting a group mapping for Azure AD SSO.