Updating an identity provider

You can update the group synchronization option and the provider metadata in a Cloudera identity provider. To update an identity provider in Cloudera, you must be a Cloudera account administrator or have the PowerUser role.

You might want to update the Cloudera identity provider to change the group synchronization option or to update the list of X.509 certificates in the provider metadata.

Required role: Account administrator or PowerUser

Using Cloudera Management Console

  1. Sign in to the Cloudera console.
  2. From the Cloudera home page, click Cloudera Management Console.
  3. In the User Management section of the side navigation panel, click Identity Providers.
  4. Find the Cloudera identity provider that you want to update.
  5. Click the Actions button and select Update Identity Provider.
  6. On the Identity Provider window:
    • You can change the Sync Groups on Login option.
    • You can add or edit the SAML Identity Provider Metadata.
    • You can check the Generate workload username by email box to have the workload username generated based on the email instead of the default. See Generating workload usernames based on email.
    • You can enable SCIM for Azure AD. See Configure SCIM with Azure AD.
    • You cannot change the name of the Cloudera identity provider.
  7. Verify the updates and click Update.

    Cloudera updates the information for the Cloudera identity provider.

Using CDP CLI

You can view the status and metadata of an identity provider using the describe-saml-provider command. To view the status and metadata, you need to provide the identity provider name or the CRN as shown in the following example:
cdp iam describe-saml-provider --saml-provider-name [***PROVIDER NAME***]
cdp iam describe-saml-provider --saml-provider-name [***CRN***]
You can generate a JSON input template in case you want to see the JSON structure required for inputting parameters through a file:
cdp iam describe-saml-provider --generate-cli-skeleton '{"samlProviderName": [***PROVIDER NAME***]}'
This command does not run the operation or return the description; it only prints the template.
To update the identity provider information based on the JSON template, you need to use the update-saml-provider command to feed a JSON string or file:
cdp iam update-saml-provider \
--saml-provider-name [***PROVIDER NAME***] \
--saml-metadata-document file://[***PATH TO THE XML METADATA FILE***]
The following parameters are required for the update-saml-provider command:
  • --saml-provider-name: The unique identifier for the identity provider in Cloudera (for example, CDP00).

  • --saml-metadata-document: The path to the XML metadata file, prefixed with file://. The file:// prefix is mandatory for the CLI to parse the local file correctly.
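Because update-saml-provider replaces the X.509 certificates that Cloudera trusts for SAML sign-in, it helps to review which signing certificates a new metadata file adds or removes before running it. The following Python sketch is an added example, not Cloudera code: it compares the currently registered metadata (as shown by describe-saml-provider) with the new XML file and lists SHA-256 certificate fingerprints to check against values obtained from the IdP administrator. The function names, the sample entityID and the placeholder certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_certs(metadata_xml):
    """Return (entityID, set of SHA-256 fingerprints) of the IdP signing certificates."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    entity = next(root.iter("{%s}EntityDescriptor" % NS["md"]), None)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    prints = set()
    for kd in entity.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return entity.get("entityID"), prints

def review_update(current_xml, new_xml):
    """Summarise what the update would change, for approval before it is applied."""
    old_id, old = signing_certs(current_xml)
    new_id, new = signing_certs(new_xml)
    if not new:
        raise ValueError("new metadata has no signing certificate")
    return {"entity_id_changed": old_id != new_id, "added": sorted(new - old),
            "removed": sorted(old - new), "kept": sorted(old & new)}

def sample_metadata(entity_id, blobs):
    """Constructed sample input: placeholder bytes stand in for DER certificates."""
    keys = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        % base64.b64encode(b).decode() for b in blobs)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            '<md:IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">%s</md:IDPSSODescriptor>'
            '</md:EntityDescriptor>' % (NS["md"], NS["ds"], entity_id, keys))

CURRENT = sample_metadata("https://idp.example.test/saml", [b"constructed-cert-A"])
NEW = sample_metadata("https://idp.example.test/saml",
                      [b"constructed-cert-A", b"constructed-cert-B"])

if __name__ == "__main__":
    print(review_update(CURRENT, NEW))
```

An unexpected entry under "added", or a changed entityID, is a reason to stop and confirm the file with the IdP administrator before running update-saml-provider.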