REST API: Getting SAML user role ARNs from AWS app

I would like to use the rest api to get the list of AWS IAM role ARNs assigned to a particular application user. I am able to do this in the somewhat piecemeal way below – but is there is a better way of doing this?

  1. Get the app:
    GET /api/v1/apps/<my app id>
  2. Locate and extract the aws account id from the identity provider arn in the response to 1:
    “settings” -> “app” -> “identityProviderArn”
  3. Get the app user:
    GET /api/v1/apps/<my app id>/users
  4. Locate the SAML roles from the user profile in the response from 3.
    "profile" -> "samlRoles"
  5. Construct the aws role arns from 2. and 4.

@wolfwin Can you please open a support ticket through an email to with this issue? One of our Technical Support Engineers will take the case and assist you in narrowing down the cause of the issue.