REST API: Getting SAML user role ARNs from AWS app

wolfwin · October 19, 2020, 5:32pm

Hello,
I would like to use the rest api to get the list of AWS IAM role ARNs assigned to a particular application user. I am able to do this in the somewhat piecemeal way below – but is there is a better way of doing this?

Get the app:
GET /api/v1/apps/<my app id>
Locate and extract the aws account id from the identity provider arn in the response to 1:
“settings” -> “app” -> “identityProviderArn”
Get the app user:
GET /api/v1/apps/<my app id>/users
Locate the SAML roles from the user profile in the response from 3.
"profile" -> "samlRoles"
Construct the aws role arns from 2. and 4.

Lijia · October 21, 2020, 4:31pm

@wolfwin Can you please open a support ticket through an email to support@okta.com with this issue? One of our Technical Support Engineers will take the case and assist you in narrowing down the cause of the issue.

bruno.souza · January 19, 2022, 9:23pm

https://{url}/api/v1/apps?filter=user.id+eq+"{userid}"&expand=user/{userid}

system · February 8, 2024, 9:19pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
roleARN for AWS SAML_2.0 application via API SAML	10	3262	February 8, 2024
Okta to AWS - roles/samlRoles not showing all AWS roles Questions	1	3139	February 8, 2024
How to get SAMLAssertion string form Okta to use AWS AssumeRoleWithSAML API? SAML	2	4000	January 18, 2024
Query regarding Authorization to AWS using Okta SAML	2	1328	January 10, 2024
No sign-on modes for AWS app Questions	4	5182	March 7, 2019

REST API: Getting SAML user role ARNs from AWS app

Related topics