REST Interface for External User Info Endpoint

Audience: System Administrators

Content Summary: If your organization uses one system for authentication and has another system that contains attributes that must be added to users in Immuta to grant access to data, you can implement an interface that adds attributes to users whenever they log in to Immuta.

When a user logs in, the system queries the configurable endpoint with that user's userid and then merges the response with the groups and attributes returned from the IAM.

For instructions on how to configure an external user endpoint, see Configuring an External User Info Endpoint.

Authentication

The service can authenticate requests with one or both of the following methods:

  1. Basic username and password Authorization header
  2. SSL cert validation

For more information, please refer to Configuring an External User Info Endpoint.

Note: Immuta expects a non-200 status code when the user info cannot be retrieved.

GET /user-info

The user info endpoint is called each time Immuta needs to synchronize a user's groups and authorizations with a remote IAM. Immuta queries the endpoint with the user ID specified in the request's query.

Note: The endpoint's path does not necessarily have to be /user-info.

Parameters

| Name | Located in | Description | Required | Schema |
|------|------------|-------------|----------|--------|
| userid | query | The unique user identifier (username in Immuta) | Yes | string |

Responses

| Code | Description |
|------|-------------|
| 200 | successful operation - user info retrieved successfully |

Response Schema

| Name | Example |
|------|---------|
| groups | [{"name": "<group_name>"}] |
| authorizations | {"<authorization_name>": ["<value>"]} |

Below is an example value that could be returned by the endpoint:

{
  "groups": [{
    "name": "Accountants"
  }, {
    "name": "Controllers"
  }],
  "authorizations": {
    "EMEA": ["Sales", "Expenses"],
    "APAC": ["Sales"]
  }
}
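
A minimal service implementing the interface described above, as an added example (not Immuta's code and not part of the original page). The service account, the in-memory user store, the port and the specific 401/400/404 codes are assumptions; the page only requires a non-200 status when user info cannot be retrieved.

```python
import base64, hmac, json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed sample data; a real service would query the attribute system.
USERS = {"jdoe": {
    "groups": [{"name": "Accountants"}, {"name": "Controllers"}],
    "authorizations": {"EMEA": ["Sales", "Expenses"], "APAC": ["Sales"]},
}}
# Hypothetical service credentials; load them from a secret store in practice.
SERVICE_USER, SERVICE_PASSWORD = "immuta-svc", "change-me"

def basic_auth_ok(header):
    """Validate a Basic Authorization header; both fields use constant-time compare."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    user, _, password = decoded.partition(":")
    return (hmac.compare_digest(user.encode(), SERVICE_USER.encode())
            & hmac.compare_digest(password.encode(), SERVICE_PASSWORD.encode()))

def user_info(path, auth_header):
    """Return (status, body); every failure maps to a non-200 status."""
    if not basic_auth_ok(auth_header):
        return 401, {"error": "unauthorized"}
    userids = parse_qs(urlparse(path).query).get("userid", [])
    if len(userids) != 1:  # missing or repeated parameter
        return 400, {"error": "exactly one userid is required"}
    record = USERS.get(userids[0])
    if record is None:  # never answer 200 with empty attributes for unknown users
        return 404, {"error": "unknown user"}
    return 200, record

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = user_info(self.path, self.headers.get("Authorization"))
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

if __name__ == "__main__":
    # Loopback HTTP for illustration only; serve over TLS in deployment.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Because the returned groups and authorizations are merged into the user's Immuta profile, the unknown-user and bad-credential paths return an error status rather than a 200 with an empty body.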