| |
Methods defined here:
- __init__(self, client_id, client_secret, region='us', max_results=1000, default_timeout=(10, 60))
- Create a new instance of OneLoginClient.
:param client_id: API Credentials client_id
:type client_id: string
:param client_secret: API Credentials client_secret
:type client_secret: string
:param region: OneLogin region, either us or eu
:type region: string
:param max_results: Maximum number of results returned by list operations
:type max_results: int
:param default_timeout: a request timeout
See http://docs.python-requests.org/en/master/user/advanced/#timeouts
:type default_timeout: (float, float)
- activate_factor(self, user_id, device_id)
- Triggers an SMS or Push notification containing a One-Time Password (OTP)
that can be used to authenticate a user with the Verify Factor call.
:param user_id: Set to the id of the user.
:type user_id: integer
:param device_id: Set to the device_id of the MFA device.
:type device_id: integer
:return: Info with User Id, Device Id, and otp_device
:rtype: FactorEnrollmentResponse
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/activate-factor Activate an Authentication Factor documentation
- assign_role_to_user(self, user_id, role_ids)
- Assigns Roles to User
:param user_id: Id of the user
:type user_id: int
:param role_ids: List of role ids to be added
:type user_params: integer array
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/assign-role-to-user Assign Role to User documentation
- assign_roles_to_privilege(self, privilege_id, role_ids)
- Assign one or more roles to a privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param role_ids: The ids of the roles to be assigned.
:type role_ids: list
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/privileges/assign-role Assign Roles documentation
- assign_users_to_privilege(self, privilege_id, user_ids)
- Assign one or more users to a privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param user_ids: The ids of the users to be assigned.
:type user_ids: list
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/privileges/assign-users Assign Users documentation
- clean_error(self)
- Clean any previous error registered at the client.
- create_event(self, event_params)
- Create an event in the OneLogin event log.
:param event_params: Event data (event_type_id, account_id, actor_system,
actor_user_id, actor_user_name, app_id,
assuming_acting_user_id, custom_message,
directory_sync_run_id, group_id, group_name,
ipaddr, otp_device_id, otp_device_name,
policy_id, policy_name, role_id, role_name,
user_id, user_name)
:type event_params: dict
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/events/create-event Create Event documentation
- create_privilege(self, name, version, statements)
- Creates a Privilege
:param name: The name of the privilege.
:type name: string
:param version: The version for the privilege schema. Set to 2018-05-18.
:type version: string
:param statements: A list of statements. Statement object or a dict with the keys Effect, Action and Scope
:type statements: list[Statement] or list[dict]
Returns the created privilege
:return: privilege
:rtype: Privilege
See https://developers.onelogin.com/api-docs/1/privileges/create-privilege Create Privilege documentation
- create_session_login_token(self, query_params, allowed_origin='')
- Generates a session login token in scenarios in which MFA may or may not be required.
A session login token expires two minutes after creation.
:param query_params: Query Parameters (username_or_email, password, subdomain, return_to_url,
ip_address, browser_id)
:type query_params: dict
:param allowed_origin: Custom-Allowed-Origin-Header. Required for CORS requests only.
Set to the Origin URI from which you are allowed to send a request
using CORS.
:type allowed_origin: string
Returns a session token
:return: return the object if success
:rtype: SessionTokenInfo/SessionTokenMFAInfo
See https://developers.onelogin.com/api-docs/1/users/create-session-login-token Create Session Login Token documentation
- create_user(self, user_params)
- Creates an user
:param user_params: User data (firstname, lastname, email, username, company,
department, directory_id, distinguished_name,
external_id, group_id, invalid_login_attempts,
locale_code, manager_ad_id, member_of,
openid_name, phone, samaccountname, title,
userprincipalname)
:type user_params: dict
Returns the created user
:return: user
:rtype: User
See https://developers.onelogin.com/api-docs/1/users/create-user Create User documentation
- delete_privilege(self, privilege_id)
- Deletes a Privilege.
:param privilege_id: The id of the privilege you want to delete.
:type privilege_id: string
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/privileges/delete-privilege Delete Privilege documentation
- delete_user(self, user_id)
- Deletes an user
:param user_id: Id of the user to be deleted
:type user_id: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/delete-user Delete User by ID documentation
- enroll_factor(self, user_id, factor_id, display_name, number)
- Enroll a user with a given authentication factor.
:param user_id: Set to the id of the user.
:type user_id: integer
:param factor_id: The identifier of the factor to enroll the user with.
:type factor_id: integer
:param display_name: A name for the users device.
:type display_name: string
:param number: The phone number of the user in E.164 format..
:type number: string
:return: MFA device
:rtype: OTP_Device
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/enroll-factor Enroll an Authentication Factor documentation
- execute_call(self, method, url, headers=None, params=None, json=None)
- extract_error_attribute_from_response(self, response)
- extract_error_message_from_response(self, response)
- extract_status_code_from_response(self, response)
- generate_invite_link(self, email)
- Generates an invite link for a user that you have already created in your OneLogin account.
:param email: Set to the email address of the user that you want to generate an invite link for.
:type email: string
Returns the invitation link
:return: link
:rtype: str
See https://developers.onelogin.com/api-docs/1/invite-links/generate-invite-link Generate Invite Link documentation
- generate_mfa_token(self, user_id, expires_in=259200, reusable=False)
- Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period.
For example, use this token for account recovery.
:param user_id: Id of the user
:type user_id: int
:param expires_in: Set the duration of the token in seconds.
(default: 259200 seconds = 72h) 72 hours is the max value.
:type expires_in: int
:param reusable: Defines if the token reusable. (default: false) If set to true, token can be used for multiple apps, until it expires.
:type reusable: bool
Returns a mfa token
:return: return the object if success
:rtype: MFAToken
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/generate-mfa-token Generate MFA Token documentation
- get_access_token(self)
- Generates an access token and refresh token that you may use to
call Onelogin's API methods.
Returns the generated OAuth Token info
:return: OAuth Token info
:rtype: OneLoginToken
See https://developers.onelogin.com/api-docs/1/oauth20-tokens/generate-tokens Generate Tokens documentation.
- get_after_cursor(self, response)
- get_apps(self, query_parameters=None, max_results=None)
- Gets a list of all Apps in a OneLogin account.
:param query_parameters: Parameters to filter the result of the list
:type query_parameters: dict
:param max_results: Limit the number of apps returned (optional)
:type max_results: int
Returns the list of apps
:return: app list
:rtype: list[OneLoginApp]
See https://developers.onelogin.com/api-docs/1/apps/get-apps Get Apps documentation
- get_authorized_headers(self, bearer=True, headers=None)
- get_before_cursor(self, response)
- get_custom_attributes(self)
- Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for OL account.
Returns the custom attributes of the account
:return: custom attribute list
:rtype: list[str]
See https://developers.onelogin.com/api-docs/1/users/get-custom-attributes Get Custom Attributes documentation
- get_embed_apps(self, token, email)
- Lists apps accessible by a OneLogin user.
:param token: Provide your embedding token.
:type token: string
:param email: Provide the email of the user for which you want to return a list of embeddable apps.
:type email: string
Returns the embed apps
:return: A list of Apps
:rtype: list[App]
See https://developers.onelogin.com/api-docs/1/embed-apps/get-apps-to-embed-for-a-user Get Apps to Embed for a User documentation
- get_enrolled_factors(self, user_id)
- Return a list of authentication factors registered to a particular user for multifactor authentication (MFA)
:param user_id: Set to the id of the user.
:type user_id: integer
:return: OTP_Device list
:rtype: list[OTP_Device]
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/enrolled-factors Get Enrolled Authentication Factors documentation
- get_event(self, event_id)
- Gets Event by ID.
:param role_id: Id of the Event
:type role_id: int
Returns the result of the operation
:return: event
:rtype: Event
See https://developers.onelogin.com/api-docs/1/events/get-event-by-id Get Event by ID documentation
- get_event_types(self)
- List of all OneLogin event types available to the Events API.
Returns the list of event type
:return: event type list
:rtype: list[EventType]
See https://developers.onelogin.com/api-docs/1/events/event-types Get Event Types documentation
- get_events(self, query_parameters=None, max_results=None)
- Gets a list of Event resources.
:param query_parameters: Parameters to filter the result of the list
:type query_parameters: dict
:param max_results: Limit the number of events returned (optional)
:type max_results: int
Returns the list of events
:return: event list
:rtype: list[Event]
See https://developers.onelogin.com/api-docs/1/events/get-events Get Events documentation
- get_factors(self, user_id)
- Returns a list of authentication factors that are available for user enrollment via API.
:param user_id: Set to the id of the user.
:type user_id: integer
:return: AuthFactor list
:rtype: list[AuthFactor]
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/available-factors Get Available Authentication Factors documentation
- get_group(self, group_id)
- Gets Group by ID.
:param role_id: Id of the group
:type role_id: int
Returns the group identified by the id
:return: group
:rtype: Group
See https://developers.onelogin.com/api-docs/1/groups/get-group-by-id Get Group by ID documentation
- get_groups(self, max_results=None)
- Gets a list of Group resources (element of groups limited with the max_results parameter, or client attribute).
:param max_results: Limit the number of groups returned (optional)
:type max_results: int
Returns the list of groups
:return: group list
:rtype: list[Group]
See https://developers.onelogin.com/api-docs/1/groups/get-groups Get Groups documentation
- get_headers(self, bearer=True)
- get_privilege(self, privilege_id)
- Get a Privilege
:param privilege_id: The id of the privilege.
:type privilege_id: string
Returns the privilege identified by the id
:return: privilege
:rtype: Privilege
See https://developers.onelogin.com/api-docs/1/privileges/get-privilege Get Privilege documentation
- get_privileges(self)
- Gets a list of the Privileges created in an account.
Returns the list of privileges
:return: privileges list
:rtype: list[Privilege]
See https://developers.onelogin.com/api-docs/1/privileges/list-privileges List Privileges documentation
- get_rate_limits(self)
- Gets current rate limit details about an access token.
Returns the rate limit info
:return: rate limit info
:rtype: RateLimit
See https://developers.onelogin.com/api-docs/1/oauth20-tokens/get-rate-limit Get Rate Limit documentation
- get_role(self, role_id)
- Gets Role by ID.
:param role_id: Id of the Role
:type role_id: int
Returns the role identified by the id
:return: role
:rtype: Role
See https://developers.onelogin.com/api-docs/1/roles/get-role-by-id Get Role by ID documentation
- get_roles(self, query_parameters=None, max_results=None)
- Gets a list of Role resources.
:param query_parameters: Parameters to filter the result of the list
:type query_parameters: dict
:param max_results: Limit the number of roles returned (optional)
:type max_results: int
Returns the list of roles
:return: role list
:rtype: list[Role]
See https://developers.onelogin.com/api-docs/1/roles/get-roles Get Roles documentation
- get_roles_assigned_to_privilege(self, privilege_id, max_results=None)
- Gets a list of the roles assigned to a privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param max_results: Limit the number of roles returned (optional)
:type max_results: int
Returns the list of roles
:return: role_ids list
:rtype: list[int]
See https://developers.onelogin.com/api-docs/1/privileges/get-roles Get Assigned Roles documentation
- get_saml_assertion(self, username_or_email, password, app_id, subdomain, ip_address=None)
- Generates a SAML Assertion.
:param username_or_email: username or email of the OneLogin user accessing the app
:type username_or_email: string
:param password: Password of the OneLogin user accessing the app
:type password: string
:param app_id: App ID of the app for which you want to generate a SAML token
:type app_id: integer
:param subdomain: subdomain of the OneLogin account related to the user/app
:type subdomain: string
:param ip_address: whitelisted IP address that needs to be bypassed (some MFA scenarios).
:type ip_address: string
Returns a SAMLEndpointResponse object with an encoded SAMLResponse
:return: true if success
:rtype: SAMLEndpointResponse
See https://developers.onelogin.com/api-docs/1/saml-assertions/generate-saml-assertion Generate SAML Assertion documentation
- get_saml_assertion_verifying(self, app_id, device_id, state_token, otp_token=None, url_endpoint=None, do_not_notify=False)
- Verify a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.
:param app_id: App ID of the app for which you want to generate a SAML token
:type app_id: integer
:param devide_id: Provide the MFA device_id you are submitting for verification.
:type subdomain: integer
:param state_token: Provide the state_token associated with the MFA device_id you are submitting for verification.
:type state_token: string
:param otp_token: Provide the OTP value for the MFA factor you are submitting for verification.
:type otp_token: string
:param url_endpoint: Specify an url where return the response.
:type url_endpoint: string
:param do_not_notify: When verifying MFA via Protect Push, set this to true to stop additional push notifications being sent to the OneLogin Protect device
:type do_not_notify: bool
Returns a SAMLEndpointResponse object with an encoded SAMLResponse
:return: true if success
:rtype: SAMLEndpointResponse
See https://developers.onelogin.com/api-docs/1/saml-assertions/verify-factor Verify Factor documentation
- get_session_token_verified(self, device_id, state_token, otp_token=None, allowed_origin='', do_not_notify=False)
- Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).
:param device_id: Provide the MFA device_id you are submitting for verification.
:type device_id: string
:param state_token: Provide the state_token associated with the MFA device_id you are submitting for verification.
:type state_token: string
:param otp_token: Provide the OTP value for the MFA factor you are submitting for verification.
:type otp_token: string
:param allowed_origin: Required for CORS requests only. Set to the Origin URI from which you are allowed to send a request using CORS.
:type allowed_origin: string
:param do_not_notify: When verifying MFA via Protect Push, set this to true to stop additional push notifications being sent to the OneLogin Protect device.
:type do_not_notify: bool
Returns a session token
:return: return the object if success
:rtype: SessionTokenInfo
See https://developers.onelogin.com/api-docs/1/users/verify-factor Verify Factor documentation
- get_url(self, base, obj_id=None, extra_id=None)
- get_user(self, user_id)
- Gets User by ID.
:param user_id: Id of the user
:type user_id: int
Returns the user identified by the id
:return: user
:rtype: User
See https://developers.onelogin.com/api-docs/1/users/get-user-by-id Get User by ID documentation
- get_user_apps(self, user_id)
- Gets a list of apps accessible by a user, not including personal apps.
:param user_id: Id of the user
:type user_id: int
Returns the apps user identified by the id
:return: App list of the user
:rtype: list[App]
See https://developers.onelogin.com/api-docs/1/users/get-apps-for-user Get Apps for a User documentation
- get_user_roles(self, user_id)
- Gets a list of role IDs that have been assigned to a user.
:param user_id: Id of the user
:type user_id: int
Returns the role ids of the user identified by the id
:return: role ids
:rtype: list[int]
See https://developers.onelogin.com/api-docs/1/users/get-roles-for-user Get Roles for a User documentation
- get_users(self, query_parameters=None, max_results=None)
- Gets a list of User resources.
:param query_parameters: Parameters to filter the result of the list
:type query_parameters: dict
:param max_results: Limit the number of users returned (optional)
:type max_results: int
Returns the list of users
:return: users list
:rtype: list[User]
See https://developers.onelogin.com/api-docs/1/users/get-users Get Users documentation
- get_users_assigned_to_privilege(self, privilege_id, max_results=None)
- Gets a list of the users assigned to a privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param max_results: Limit the number of users returned (optional)
:type max_results: int
Returns the list of users
:return: user_ids list
:rtype: list[int]
See https://developers.onelogin.com/api-docs/1/privileges/get-users Get Assigned Users documentation
- handle_operation_response(self, response)
- handle_saml_endpoint_response(self, response)
- handle_session_token_response(self, response)
- is_expired(self)
- lock_user(self, user_id, minutes)
- Use this call to lock a user's account based on the policy assigned to
the user, for a specific time you define in the request, or until you
unlock it.
:param user_id: Id of the user to be locked.
:type user_id: int
:param minutes: Set to the number of minutes for which you want to lock the user account. (0 to delegate on policy)
:type minutes: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/lock-user-account Lock User Account documentation
- log_user_out(self, user_id)
- Log a user out of any and all sessions.
:param user_id: Id of the user to be logged out
:type user_id: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/log-user-out Log User Out documentation
- prepare_token(self)
- regenerate_token(self)
- Refreshing tokens provides a new set of access and refresh tokens.
Returns the refreshed OAuth Token info
:return: OAuth Token info
:rtype: OneLoginToken
See https://developers.onelogin.com/api-docs/1/oauth20-tokens/refresh-tokens Refresh Tokens documentation
- remove_factor(self, user_id, device_id)
- Remove an enrolled factor from a user.
:param user_id: Set to the id of the user.
:type user_id: integer
:param device_id: The device_id of the MFA device.
:type device_id: integer
:return: true if action succeed
:rtype: bool
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/remove-factor Remove a Factor documentation
- remove_role_from_privilege(self, privilege_id, role_id)
- Removes one role from the privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param role_id: The id of the role to be removed.
:type role_id: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/privileges/remove-role Remove Role documentation
- remove_role_from_user(self, user_id, role_ids)
- Remove Role from User
:param user_id: Id of the user
:type user_id: int
:param role_ids: List of role ids to be removed
:type role_ids: integer array
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/remove-role-from-user Remove Role from User documentation
- remove_stored_token(self)
- remove_user_from_privilege(self, privilege_id, user_id)
- Removes one user from the privilege.
:param privilege_id: The id of the privilege.
:type privilege_id: string
:param user_id: The id of the user to be removed.
:type user_id: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/privileges/remove-user Remove User documentation
- retrieve_apps_from_xml(self, xml_content)
- revoke_token(self)
- Revokes an access token and refresh token pair.
See https://developers.onelogin.com/api-docs/1/oauth20-tokens/revoke-tokens Revoke Tokens documentation
- send_invite_link(self, email, personal_email=None)
- Sends an invite link to a user that you have already created in your OneLogin account.
:param email: Set to the email address of the user that you want to send an invite link for.
:type email: string
:param personal_email: If you want to send the invite email to an email other than the
one provided in email, provide it here. The invite link will be
sent to this address instead.
:type personal_email: string
Returns the result of the operation
:return: True if the mail with the link was sent
:rtype: bool
See https://developers.onelogin.com/api-docs/1/invite-links/send-invite-link Send Invite Link documentation
- set_custom_attribute_to_user(self, user_id, custom_attributes)
- Set Custom Attribute Value
:param user_id: Id of the user
:type user_id: int
:param custom_attributes: Provide one or more key value pairs composed of the custom attribute field shortname and the value that you want to set the field to.
:type custom_attributes: dict
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/set-custom-attribute Set Custom Attribute Value documentation
- set_password_using_clear_text(self, user_id, password, password_confirmation, validate_policy=False)
- Sets Password by ID Using Cleartext
:param user_id: Id of the user
:type user_id: int
:param password: Set to the password value using cleartext.
:type password: string
:param password_confirmation: Ensure that this value matches the password value exactly.
:type password_confirmation: string
:param validate_policy: Defaults to false. This will validate the password against the users OneLogin password policy..
:type validate_policy: boolean
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/set-password-in-cleartext Set Password by ID Using Cleartext documentation
- set_password_using_hash_salt(self, user_id, password, password_confirmation, password_algorithm, password_salt=None)
- Set Password by ID Using Salt and SHA-256
:param user_id: Id of the user
:type user_id: int
:param password: Set to the password value using a SHA-256-encoded value.
:type password: string
:param password_confirmation: Ensure that this value matches the password value exactly.
:type password_confirmation: string
:param password_algorithm: Set to salt+sha256.
:type password_algorithm: string
:param password_salt: (Optional) To provide your own salt value.
:type password_salt: string
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/set-password-using-sha-256 Set Password by ID Using Salt and SHA-256 documentation
- set_state_to_user(self, user_id, state)
- Set the State for a user.
:param user_id: Id of the user
:type user_id: int
:param state: Set to the state value. Valid values: 0-3
:type state: int
Returns if the action succeed
:return: true if success
:rtype: bool
See https://developers.onelogin.com/api-docs/1/users/set-state Set User State documentation
- set_timeout(self, timeout=None)
- Changes the timeout used when placing requests with the execute_call method
:param timeout: a request timeout
See http://docs.python-requests.org/en/master/user/advanced/#timeouts
- update_privilege(self, privilege_id, name, version, statements)
- Updates a Privilege
:param privilege_id: The id of the privilege you want to update.
:type privilege_id: string
:param name: The name of the privilege.
:type name: string
:param version: The version for the privilege schema. Set to 2018-05-18.
:type version: string
:param statements: A list of statements. Statement object or a dict with the keys Effect, Action and Scope
:type statements: list[Statement] or list[dict]
Returns the modified privilege
:return: privilege
:rtype: Privilege
See https://developers.onelogin.com/api-docs/1/privileges/update-privilege Update Privilege documentation
- update_user(self, user_id, user_params)
- Updates an user
:param user_id: Id of the user
:type user_id: int
:param user_params: User data (firstname, lastname, email, username, company,
department, directory_id, distinguished_name,
external_id, group_id, invalid_login_attempts,
locale_code, manager_ad_id, member_of,
openid_name, phone, samaccountname, title,
userprincipalname)
:type user_params: dict
Returns the modified user
:return: user
:rtype: User
See https://developers.onelogin.com/api-docs/1/users/update-user Update User by ID documentation
- verify_factor(self, user_id, device_id, otp_token=None, state_token=None)
- Authenticates a one-time password (OTP) code provided by a multifactor authentication (MFA) device.
:param user_id: Set to the id of the user.
:type user_id: integer
:param device_id: Set to the device_id of the MFA device.
:type device_id: integer
:param otp_token: OTP code provided by the device or SMS message sent to user.
When a device like OneLogin Protect that supports Push has
been used you do not need to provide the otp_token.
:type otp_token: string
:param state_token: The state_token is returned after a successful request
to Enroll a Factor or Activate a Factor.
MUST be provided if the needs_trigger attribute from
the proceeding calls is set to true.
:type state_token: string
:return: true if action succeed
:rtype: bool
See https://developers.onelogin.com/api-docs/1/multi-factor-authentication/verify-factor Verify an Authentication Factor documentation
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
Data and other attributes defined here:
- CUSTOM_USER_AGENT = 'onelogin-python-sdk 1.9.1'
- client_id = None
- client_secret = None
|