Prerequisites

• CIP up and running

• Administrator account in CIP

About this tutorial

In this tutorial, you’re going to perform the following actions:

1. Authenticate to CIP to start a session and get an SSO token.

2. Create a new user in CIP using the received token.

3. End the session.

As a result, you will gain a basic understanding on how to send requests to CIP using the SSO token. Having this knowledge, you’ll be able to consume the public REST API endpoints provided by CIP.

Create a user in Cloud Identity Plane

1. Send the authentication request to https://example.com/api/authn/identifierpassword.

   • Replace example.com with your actual CIP domain

   • Set identifier and password to your own credentials

   curl --verbose POST 'https://example.com/api/authn/identifierpassword' \
   --header 'Content-Type: application/json' \
   --data-raw '{
   "identifier": "YOUR_IDENTIFIER",
   "password": "t0ps3cr3t"
   }'
   

   Result

   Authorization token is returned in the response body (code 201 is returned).

   < HTTP/2 201
   < date: Tue, 08 Jun 2021 12:41:01 GMT
   < content-type: application/json
   < content-length: 48
   < server: nginx
   < trace-id: 23b5a553fb95a19c
   < access-control-allow-credentials: true
   < access-control-allow-headers: *
   < access-control-allow-methods: *
   < access-control-max-age: 600
   <
   * Connection #0 to host example.com left intact
   {"token":"0d25bdba-009b-47a9-a985-554692572b1e"}* Closing connection 0
   

   More information

   You can read more about authentication options in the REST API authentication documentation.

2. Create a new user in the system by sending a request to https://example.com/api/users.

   • Replace example.com with your actual CIP domain

   • Include a header called token containing the SSO token received from the authentication request

   curl --verbose POST 'https://example.com/api/users' \
   --header 'Content-Type: application/json' \
   --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e' \
   --data-raw '{"mfaMethod":"NONE","firstName":"Joe","lastName":"Smith","status":"inactive","uid":"joesmith","unverifiedEmails":["jsmith@test.cloudentity.com"]}'
   

   Result

   New inactive user (Joe Smith) is created in the system (code 201 Created is returned). Activation message is sent to the provided e-mail addresses.

   < HTTP/1.1 201 Created
   < Server: nginx
   < Date: Mon, 24 May 2021 14:50:15 GMT
   < Content-Type: application/json
   < Content-Length: 571
   < Connection: keep-alive
   < Trace-Id: e0f1a590e0523f64
   < Access-Control-Allow-Credentials: true
   < Access-Control-Allow-Headers: *
   < Access-Control-Allow-Methods: *
   < Access-Control-Max-Age: 600
   <
   * Connection #1 to host example.com left intact
   {"lastName":"Smith","googleAuthSecretAccepted":"false","apiKey":"YTU2OWIwYWQtYTE3Zi00NmE5LWE5OGYtYTk5NzQxNzVmZjky",
   "forcePwdReset":true,"mfaMethod":"NONE","totpSecretAccepted":false,"eulaApproval":"true","uuid":"9aad820e-f2ee-46ce-babb-aa1d0ee1bf50",
   "otpSetupComplete":false,"passwordChangedDate":"20210524145015.712Z","firstName":"Joe","uid":"joesmith",
   "createdDate":"20210524145015Z","unverifiedEmails":["jsmith@test.cloudentity.com"],"customers":["cloudentity"],
   "entitlementGroups":["SELF_USER_ENTITLEMENT_GROUP"],"status":"inactive","customer":"cloudentity",
   "newUserStatus":true}
   * Closing connection 1
   

   More information

   You can read more about the available user actions options in the REST API user documentation.

3. End the session by sending a request to https://example.com/api/session.

   • Replace example.com with your actual CIP domain

   • Include a header called token containing the SSO token received from the authentication request

   curl --location --verbose --request DELETE 'https://example.com/api/session' \
   --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e'
   

   Result

   Your session is terminated (code 204 No Content is returned).

   < HTTP/1.1 204 No Content
   < Server: nginx
   < Date: Mon, 24 May 2021 15:17:27 GMT
   < Content-Type: application/json
   < Connection: keep-alive
   < Trace-Id: 9158bd8babcda034
   < Access-Control-Allow-Credentials: true
   < Access-Control-Allow-Headers: *
   < Access-Control-Allow-Methods: *
   < Access-Control-Max-Age: 600
   <
   

Related articles

Having tried out the simple use-case presented in this tutorial, you might be interested in the following articles:

• CIP REST API documentation describing all CIP public endpoints in detail

• Entitlements documentation describing the concept of entitlements, which grant users the rights to perform certain actions in the system.

• Authentication mechanisms in CIP describing authentication methods available in the system.