SAML logon

This method authenticates a user to Privilege Cloud using SAML authentication and returns a token that can be used in subsequent web services calls.

To make this API available, you need to enable the SAML IdP initiated SSO flow. For details, see Configure SAML authentication

URL

https://<subdomain>.privilegecloud.cyberark.com/PasswordVault/API/auth/SAML/Logon/

HTTP method	Content type
POST	application/x-www-form-urlencoded

concurrentSession=true&apiUse=true&SAMLResponse=PHNhb...

All body parameters should be encoded in key-value pairs, separated by an ampersand (&).

Each key and value should be separated by an equals symbol (=).

Parameter	Description
SAMLResponse	The SAML response from the ldP Type: String Mandatory: Yes
apiUse	Always send with value `true`. Type: Boolean Mandatory: Yes Valid values: True
concurrentSession	Set this parameter to `true` to enable the user to open multiple connection sessions simultaneously. Up to 300 concurrent sessions are supported. Type: Boolean Mandatory: No Valid values: True/False Default: False

Parameter

Description

SAMLResponse

The SAML response from the ldP

Type: String

Mandatory: Yes

apiUse

Always send with value true.

Type: Boolean

Mandatory: Yes

Valid values: True

concurrentSession

Set this parameter to true to enable the user to open multiple connection sessions simultaneously. Up to 300 concurrent sessions are supported.

Type: Boolean

Mandatory: No

Valid values: True/False

Default: False

{ 

"<session token>"

}

This method returns the session token.

For a complete list of return codes, see Return Codes.