:doc:`ManagedGrafana <../../grafana>` / Client / describe_workspace_authentication

*********************************
describe_workspace_authentication
*********************************



.. py:method:: ManagedGrafana.Client.describe_workspace_authentication(**kwargs)

  

  Displays information about the authentication methods used in one Amazon Managed Grafana workspace.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/grafana-2020-08-18/DescribeWorkspaceAuthentication>`_  


  **Request Syntax**
  ::

    response = client.describe_workspace_authentication(
        workspaceId='string'
    )
    
  :type workspaceId: string
  :param workspaceId: **[REQUIRED]** 

    The ID of the workspace to return authentication information about.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'authentication': {
              'awsSso': {
                  'ssoClientId': 'string'
              },
              'providers': [
                  'AWS_SSO'|'SAML',
              ],
              'saml': {
                  'configuration': {
                      'allowedOrganizations': [
                          'string',
                      ],
                      'assertionAttributes': {
                          'email': 'string',
                          'groups': 'string',
                          'login': 'string',
                          'name': 'string',
                          'org': 'string',
                          'role': 'string'
                      },
                      'idpMetadata': {
                          'url': 'string',
                          'xml': 'string'
                      },
                      'loginValidityDuration': 123,
                      'roleValues': {
                          'admin': [
                              'string',
                          ],
                          'editor': [
                              'string',
                          ]
                      }
                  },
                  'status': 'CONFIGURED'|'NOT_CONFIGURED'
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **authentication** *(dict) --* 

        A structure containing information about the authentication methods used in the workspace.

        
        

        - **awsSso** *(dict) --* 

          A structure containing information about how this workspace works with IAM Identity Center.

          
          

          - **ssoClientId** *(string) --* 

            The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana.

            
      
        

        - **providers** *(list) --* 

          Specifies whether this workspace uses IAM Identity Center, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.

          
          

          - *(string) --* 
      
        

        - **saml** *(dict) --* 

          A structure containing information about how this workspace works with SAML, including what attributes within the assertion are to be mapped to user information in the workspace.

          
          

          - **configuration** *(dict) --* 

            A structure containing details about how this workspace works with SAML.

            
            

            - **allowedOrganizations** *(list) --* 

              Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.

              
              

              - *(string) --* 
          
            

            - **assertionAttributes** *(dict) --* 

              A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.

              
              

              - **email** *(string) --* 

                The name of the attribute within the SAML assertion to use as the email names for SAML users.

                
              

              - **groups** *(string) --* 

                The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.

                
              

              - **login** *(string) --* 

                The name of the attribute within the SAML assertion to use as the login names for SAML users.

                
              

              - **name** *(string) --* 

                The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.

                
              

              - **org** *(string) --* 

                The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.

                
              

              - **role** *(string) --* 

                The name of the attribute within the SAML assertion to use as the user roles.

                
          
            

            - **idpMetadata** *(dict) --* 

              A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.

              .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``url``, ``xml``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


            
              

              - **url** *(string) --* 

                The URL of the location containing the IdP metadata.

                
              

              - **xml** *(string) --* 

                The full IdP metadata, in XML format.

                
          
            

            - **loginValidityDuration** *(integer) --* 

              How long a sign-on session by a SAML user is valid, before the user has to sign on again.

              
            

            - **roleValues** *(dict) --* 

              A structure containing arrays that map group names in the SAML assertion to the Grafana ``Admin`` and ``Editor`` roles in the workspace.

              
              

              - **admin** *(list) --* 

                A list of groups from the SAML assertion attribute to grant the Grafana ``Admin`` role to.

                
                

                - *(string) --* 
            
              

              - **editor** *(list) --* 

                A list of groups from the SAML assertion attribute to grant the Grafana ``Editor`` role to.

                
                

                - *(string) --* 
            
          
        
          

          - **status** *(string) --* 

            Specifies whether the workspace's SAML configuration is complete.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`ManagedGrafana.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`ManagedGrafana.Client.exceptions.ThrottlingException`

  
  *   :py:class:`ManagedGrafana.Client.exceptions.ConflictException`

  
  *   :py:class:`ManagedGrafana.Client.exceptions.ValidationException`

  
  *   :py:class:`ManagedGrafana.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`ManagedGrafana.Client.exceptions.InternalServerException`

  