CloudShell Version: 2023.3 GA
Guide Version: 1.0
View / Download All Help Versions

SSO Login to CloudShell APIs

This article explains how to use CloudShell APIs via SSO. This option provides user access to our APIs directly from your identity provider (IdP) using an authentication token.

Note: SSO login is not supported for New Job Scheduling API.

In this article:


  • IdP user profile that contains an email address ("email" claim and value). To register new users, see the To define user groups for SAML SSO: section.
  • JWT token generated in your IdP. Note that the authorization token is valid for 5 hours by default, but the validity period can be extended using the AuthToken.ExpirationSpanMinutes configuration key.

API authentication token creation flow

  1. User sends to Quali Server a login request containing the JWT token and CloudShell domain name.
  2. Quali Server validates the JWT token against the user's IdP.
  3. The IdP returns to Quali Server the user's details in a UserInfo object.

    For example:

    Quali Server uses the IdP user's email address to identify an existing CloudShell user or create a new one to be used in the authentication token.

  4. Quali Server sends the user a response containing the authentication token.

Login request example

API call using an API authentication token

from cloudshell.api.cloudshell_api import CloudShellAPISession

api = CloudShellAPISession(host="localhost", token_id="eyJhbGciOiJSUzI....zHMyOeJYu-0xodJ_yghhbg", domain="Global")

result = api.AddTopologiesToDomain(topologyNames=["CloudShell Sandbox Template"],domainName="Domain A")