identity provider

The OLP CLI supports the following functionality for SAML identity provider management:

  • create a SAML identity provider
  • update a SAML identity provider
  • enable a SAML identity provider
  • disable a SAML identity provider
  • list SAML identity providers
  • show a SAML identity provider
  • delete a SAML identity provider

These commands are available for apps with an 'IDPManager' role.

identity provider create

Creates a SAML identity provider.

olp identity provider create <provider name> <template ID> <URL or path to metadata file> [command options]

Required parameters:

  • <provider name> The display name of the SAML identity provider.
  • <template ID> A supported SAML identity provider template ID.
  • <URL or path to metadata file> The URL or file path to the identity provider metadata XML contents.

Optional parameters:

  • --entity-id <entity ID> Entity ID of the identity provider.
  • --sso-login-url <single sign on URL> Single sign on URL for the identity provider.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays the provider HRN.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below creates a new SAML identity provider with information from the metadata.xml file:

olp identity provider create "Okta Login" okta ./metadata.xml

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been created

Use olp identity provider show <provider HRN> to show SAML identity provider details
Use olp identity provider enable <provider HRN> to enable SAML identity provider
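A pre-flight check for the metadata file before it is passed to olp identity provider create, added here as an example and not part of the OLP CLI or the HERE documentation. It reports the entity ID and single sign on URLs the file declares, so they can be compared with --entity-id and --sso-login-url, and flags a non-HTTPS endpoint or a missing signing certificate. The function name and the sample metadata are assumptions; the check does not verify a metadata signature or the certificate itself.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")

def check_idp_metadata(xml_bytes):
    """Return (entity_id, sso_urls, problems) for SAML IdP metadata XML."""
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return None, [], ["DOCTYPE/ENTITY declaration present"]
    root = ET.fromstring(xml_bytes)
    entity_id = root.get("entityID")
    problems = [] if entity_id else ["missing entityID"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return entity_id, [], problems + ["no md:IDPSSODescriptor"]
    services = idp.findall("md:SingleSignOnService", NS)
    sso_urls = [s.get("Location", "") for s in services if s.get("Binding") in BINDINGS]
    if not sso_urls:
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    problems += ["SSO endpoint is not HTTPS: " + u
                 for u in sso_urls if urlparse(u).scheme != "https"]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' covers signing too
            certs += kd.findall(".//ds:X509Certificate", NS)
    if not certs:
        problems.append("no signing certificate")
    for cert in certs:
        try:
            base64.b64decode("".join((cert.text or "").split()), validate=True)
        except ValueError:
            problems.append("signing certificate is not valid base64")
    return entity_id, sso_urls, problems

# Constructed sample metadata; the certificate body is a placeholder, not a real key.
CERT = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE = ("""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://www.example.com/mySso">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="%s" Location="https://here.example.com/sso/saml"/>
 </IDPSSODescriptor></EntityDescriptor>""" % (CERT, BINDINGS[1])).encode()
```

An empty problems list means the file is structurally usable; the returned entity ID and URLs still need to be confirmed against what the identity provider administrator supplied out of band.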

identity provider update

Updates a SAML identity provider.

olp identity provider update <provider HRN> [command options]

Required parameters:

  • <provider HRN> The HRN of the SAML identity provider.

Optional parameters:

  • --name <provider name> The display name of the SAML identity provider.
  • --metadata-source <URL or path to metadata file> The URL or file path to the identity provider metadata XML contents.
  • --entity-id <entity ID> Entity ID of the identity provider.
  • --sso-login-url <single sign on URL> Single sign on URL for the identity provider.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below updates the name and single sign-on URL for a SAML identity provider:

olp identity provider update hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d --name Okta --sso-login-url https://here.example.com/sso2/saml

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been updated

identity provider enable

Enables a SAML identity provider for the realm and switches the login method to SSO for all users, with the option to enable password login along with SSO.

olp identity provider enable <provider HRN> [command options]

Required parameters:

  • <provider HRN> The HRN of the SAML identity provider.

Optional parameters:

  • --with-password-login Flag indicating whether password logins should also be allowed for the realm. If this flag is used, both SSO and password login methods are allowed. If it is omitted, the default value of false is used and the realm supports SSO logins only.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below enables a SAML identity provider:

olp identity provider enable hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been enabled. Now the realm hrn:here:account::org:realm/org supports SSO logins only

Example:

The command below enables a SAML identity provider and also enables the realm to support password login along with SSO:

olp identity provider enable hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d --with-password-login

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been enabled. Now the realm hrn:here:account::org:realm/org supports both SSO and password logins

identity provider disable

Disables a SAML identity provider for the realm and switches the login method of the realm to the password login method for all users.

olp identity provider disable <provider HRN> [command options]

Required parameters:

  • <provider HRN> The HRN of the SAML identity provider.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below disables a SAML identity provider:

olp identity provider disable hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been disabled

identity provider list

Lists all SAML identity providers for your organization.

olp identity provider list [command options]

Optional parameters:

  • --enabled Lists only enabled identity providers.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays provider HRNs for the organization, each on a new line.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below lists the enabled SAML identity providers:

olp identity provider list --enabled

Output:

SAML identity provider HRN                                                                                  display name      enabled
hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d      Okta Login        true

Use olp identity provider show <provider HRN> to display more information about SAML identity provider.

identity provider show

Shows the details of a SAML identity provider.

olp identity provider show <provider HRN> [command options]

Required parameters:

  • <provider HRN> The HRN of the SAML identity provider.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays the provider name.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below shows the details of a SAML identity provider:

olp identity provider show hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d

Output:

HRN               hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d
name              Okta Login
idpTemplateId     okta
entityId          https://www.example.com/mySso
ssoLoginUrl       https://here.example.com/sso/saml
created           2023-01-21T17:32:28Z
enabled           true
callback          https://account.here.com/saml/callback
spMetadataUrl     https://account.api.here.com/identityProvider/aHJuOmhlcmU6YWNjb3VudDo6b3Jn/metadata
spCertificateUrl  https://account.api.here.com/identityProvider/aHJuOmhlcmU6YWNjb3VudDo6b3Jn/cert
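A drift check over the text output shown above, added here as an example and not part of the OLP CLI: it parses two captures of olp identity provider show and reports changes to the fields that decide where users are sent to authenticate. The function names and the choice of pinned fields are assumptions; the baseline is the output from this page and the second capture is constructed from the update example.

```python
# Fields treated as security-relevant (an assumption of this example);
# the display name is deliberately left out.
PINNED = ("idpTemplateId", "entityId", "ssoLoginUrl", "enabled", "callback")

def parse_show(text):
    """Parse the two-column text output of 'olp identity provider show'."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # key, then the rest of the line
        if len(parts) == 2:
            fields[parts[0]] = parts[1].strip()
    return fields

def drift(baseline_text, current_text, pinned=PINNED):
    """Return [(field, baseline, current)] for pinned fields that differ."""
    base, cur = parse_show(baseline_text), parse_show(current_text)
    if base.get("HRN") != cur.get("HRN"):
        raise ValueError("captures describe different providers")
    return [(k, base.get(k), cur.get(k))
            for k in pinned if base.get(k) != cur.get(k)]

# Baseline: the 'show' output from this page.
BASELINE = """\
HRN               hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d
name              Okta Login
idpTemplateId     okta
entityId          https://www.example.com/mySso
ssoLoginUrl       https://here.example.com/sso/saml
created           2023-01-21T17:32:28Z
enabled           true
callback          https://account.here.com/saml/callback
spMetadataUrl     https://account.api.here.com/identityProvider/aHJuOmhlcmU6YWNjb3VudDo6b3Jn/metadata
spCertificateUrl  https://account.api.here.com/identityProvider/aHJuOmhlcmU6YWNjb3VudDo6b3Jn/cert
"""
# Constructed: the same provider after the update example (new name and SSO URL).
AFTER_UPDATE = BASELINE.replace("Okta Login", "Okta").replace("/sso/saml", "/sso2/saml")

if __name__ == "__main__":
    for field, old, new in drift(BASELINE, AFTER_UPDATE):
        print(f"{field}: {old} -> {new}")
```

The rename is ignored, while the changed single sign on URL is reported and can be matched against an approved change before it is accepted as the new baseline.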

identity provider delete

Deletes a SAML identity provider.

olp identity provider delete <provider HRN> [command options]

Required parameters:

  • <provider HRN> The HRN of the SAML identity provider.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below deletes a SAML identity provider:

olp identity provider delete hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d

Output:

SAML identity provider hrn:here:account::org:samlIdentityProvider/IDP-4451d8ed-42cd-4de1-ac16-3fa1ed7f393d has been deleted