Creating a Tenant
To create a tenant, you must send a POST request to the following endpoint in the API:
https://api.platform.illow.io/open-api/v1/company/tenants
info
Don't forget to include your Access Key in the X-API-Key header of all your requests.
Within this request you will have to specify the SSO configuration. Right now the only SSO protocol supported is SAML, but other ones can be added if needed. Also, you will have to create an application in your Idp to enable the login within illow.
Request Body
Format: JSON
| Property | Type | Required? | Description |
|---|---|---|---|
| tenantName | string | Yes | The tenant's name for administration purposes. This will not be shown to your users. |
| sso | SSO Object | Yes | The SSO configuration for the tenant's users. |
| domain | string | No | The tenant's domain you would like to register to be scanned. |
| tenantMembers | Array<Tenant Member> | No | The list of all tenant members and their roles. |
SSO Object
| Property | Type | Required? | Description |
|---|---|---|---|
| saml | SAML Object | Yes | The configuration for a SAML integration. |
SAML Object
| Property | Type | Required? | Description |
|---|---|---|---|
| claims | Claims Object | Yes | The name for the claim properties. |
| metadataUrl | string | Yes | The URL with the metadata for SAML. |
Claims Object
| Property | Type | Required? | Description |
|---|---|---|---|
| string | Yes | Claim name for the user’s email. | |
| name | string | Yes | Claim name for the user’s name. |
Tenant Member
| Property | Type | Required? | Description |
|---|---|---|---|
| string | Yes | The email for the tenant member. | |
| role | admin, user | Yes | The role to be applied to the tenant member. |
Examples
- Creating a tenant with Auth0 as Idp over SAML
{
"tenantName": "Big Telco, Inc.",
"domain": "bigtelco.com",
"sso": {
"saml": {
"claims": {
"mail": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
},
"metadataUrl": "https://bigtelco.com/samlp/metadata?connection=illow",
}
},
"tenantMembers": [
{ "email": "xyz@bigtelco.com", "role": "admin" },
{ "email": "asd@bigtelco.com", "role": "user" },
{ "email": "foo.bar@bigtelco.com", "role": "admin" }
]
}
Response Body
Format: JSON
| Property | Type | Description |
|---|---|---|
| tenantId | string | The tenant's ID within illow |
| loginUrl | string | The URL to redirect the user to access the platform |
Example
{
"tenantId": "8374978f-51d8-421c-8f6e-da3734db7226",
"loginUrl": "https://platform.illow.io/#/8374978f-51d8-421c-8f6e-da3734db7226/sign-in"
}
SSO information to create SAML App in Idp
The Identity Provider (Idp) must be configured with the following information about illow as an Authentication Service:
| Configuration | Value |
|---|---|
| Entity ID | urn:amazon:cognito:sp:eu-central-1_Q4qaOEIeK |
| Reply URL (Assertion Consumer Service URL) | https://federated-login.platform.illow.io/saml2/idpresponse |
The Reply URL will not be visible to your users.
SAML SSO flow
illow supports SAML 2.0 for SSO out of the box. The authentication flow works as usual:
