Login Profile Manager (REST)
The login profile defines how an individual user logs into Relativity by setting user-specific options for each provider in the authentication profile. Each entry in the user's login profile corresponds to a matching entry in the environment's authentication profile, such as Provider in the environment for Password, Integrated Authentication, Active Directory, RSA, and Client Certificate.
The Login Profile Manager is use to configure Relativity's Authentication Profile and user Login Profiles.
- Authentication Profile. The authentication profile is a collection of authentication providers which user login methods are created from. For example, the authentication profile is where you configure Password settings such as min and max password length. It also is where you define external identity providers that use the OpenID Connect and SAML protocols. How you configure your authentication profile determines how the look and behavior of the Relativity login page.
- Login Profile. Whereas the authentication profile applies to the environment, each user has a Login Profile that defines the user-specific options for various providers on the authentication profile. Each entry in the user's Login Profile corresponds to a matching entry in the environment's authentication profile. Each user automatically has a login profile upon creation, and you can not delete that profile.
The Login Profile Manager service allows you to interact with authentication provider from browser-based and cross-platform applications. The service provides the same set of operations as the ILoginProfileManager .NET interface. See Login Profile Manager (.NET).
This page contains the following information:
Login profile fundamentals
The URLs for REST endpoints contain path parameters that you need to set before making a call:
- Set the {versionNumber} placeholder to the version of the REST API that you want to use, using the format lowercase v and the version number, for example v1 or v2
- Set other path parameters in the URLs to the Artifact ID of a given entity, for example setting {workspaceID} to the Artifact ID of a workspace.
Note: To indicate the admin-level context, set the {workspaceID} path parameter to -1.
Refer to Login Profile Manager (.NET) for more information.
Get global authentication profile

To get the global authentication profile, send a GET request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/auth-profile/global
The request body is empty.
Sample JSON response:
{ "ID":1, "IsGlobal":true, "Description":"Global Authentication Profile", "Password":{ "Name":"Default Password Provider", "IsEnabled":true, "MinimumPasswordLength":8, "MaximumPasswordLength":50, "MaximumPasswordAgeInDaysDefaultValue":0, "UsersCanChangePasswordDefaultValue":true, "AdminsCanSetPassword":true, "AllowEmailPasswordRecovery":false, "PasswordRecoveryRequestLimit":10, "MaximumPasswordHistory":5, "MaximumInvalidLoginAttempts":10, "AdditionalWorkFactor":0 }, "IntegratedAuthentication":{ "Name":"Default Integrated Authentication Provider", "IsEnabled":true }, "ActiveDirectory":{ "Name":"Default Active Directory Provider", "IsEnabled":true }, "ClientCertificate":{ "Name":"Default Smart Card Provider", "Description":"", "IsEnabled":true, "DisplayOnLoginPage":false, "Caption":"" }, "RSA":{ "Name":"Default RSA Provider", "IsEnabled":true }, "OpenIDConnectProviders":[ ], "SAML2Providers":[ ] }
Update the authentication profile

To update the authentication profile, send a PUT request to the following Auth Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/auth-profile
The following is a sample request for updating a user's profile with a method of each provider type:
{ "profile":{ "ID":1, "IsGlobal":true, "Description":"Global Authentication Profile", "Password":{ "Name":"Default Password Provider", "IsEnabled":true, "MinimumPasswordLength":8, "MaximumPasswordLength":50, "MaximumPasswordAgeInDaysDefaultValue":0, "UsersCanChangePasswordDefaultValue":true, "AdminsCanSetPassword":true, "AllowEmailPasswordRecovery":false, "PasswordRecoveryRequestLimit":10, "MaximumPasswordHistory":5, "MaximumInvalidLoginAttempts":10, "AdditionalWorkFactor":0 }, "IntegratedAuthentication":{ "Name":"Default Integrated Authentication Provider", "IsEnabled":true }, "ActiveDirectory":{ "Name":"Default Active Directory Provider", "IsEnabled":true }, "ClientCertificate":{ "Name":"Default Smart Card Provider", "Description":"", "IsEnabled":true, "DisplayOnLoginPage":false, "Caption":"" }, "RSA":{ "Name":"Default RSA Provider", "IsEnabled":true }, "OpenIDConnectProviders":[ ], "SAML2Providers":[ ] } }
The response does not contain any data. Success or failure is indicated by the HTTP status code. For more information, see HTTP status codes in Relativity REST APIs.
Get a user's login profile

To get a user's login method profile, send a GET request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile
The request body is empty.
Sample JSON response:
{ "UserID":9, "Password":{ "Email":"relativity.admin@kcura.com", "InvalidLoginAttempts":0, "IsEnabled":true, "MustResetPasswordOnNextLogin":false, "UserCanChangePassword":true, "PasswordExpirationInDays":0, "PasswordExpires":"9999-12-31T23:59:59.9999999", "TwoFactorMode":"None" }, "OpenIDConnectMethods":[ ], "SAML2Methods":[ ] }
Update a user's login profile

To update a users profile, send a POST request to the following Auth Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile
The following is a sample request for updating a user's profile:
{ "profile":{ "UserID":9, "Password":{ "Email":"relativity.admin@kcura.com", "InvalidLoginAttempts":0, "IsEnabled":true, "MustResetPasswordOnNextLogin":false, "UserCanChangePassword":true, "PasswordExpirationInDays":0, "PasswordExpires":"9999-12-31T23:59:59.9999999", "TwoFactorMode":"None" }, "OpenIDConnectMethods":[ ], "SAML2Methods":[ ] } }
The response does not contain any data. Success or failure is indicated by the HTTP status code. For more information, see HTTP status codes in Relativity REST APIs.
Send invitation emails
Verify whether users can be sent invitation emails

Before sending invitation emails, you can test whether the users can be invited. Issue a POST request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/bulk-invitation/verify
The request payload must include the list of user ArtifactIDs.
{ "userIDList":[ "102010", "12313123" ] }
The response contains any validation errors:
{ "Success":false, "Errors":[ { "UserID":102010, "Exception":"SMTP server not running, verify smtp settings", "StatusCode":422 }, { "UserID":12313123, "Exception":"SMTP server not running, verify smtp settings", "StatusCode":422 } ] }
Send a single invitation email

To send an invitation email, issue a POST request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/invitation
The request body is empty.
The response does not contain any data. Success or failure is indicated by the HTTP status code. For more information, see HTTP status codes in Relativity REST APIs.
Bulk send invitations to multiple users

To send invitations to multiple users, issue a POST request to the following Login Profile Manager service URL:
<host>Relativity.REST/api/Relativity-Identity/{versionNumber}/users/bulk-invitation
The request payload must include the list of user ArtifactIDs.
{ "userIDList":[ "102010", "12313123" ] }
If any of the invitations fail to be sent, the response returns the Success flag with the value of false, and the errors for specific users:
{ "Success":false, "Errors":[ { "UserID":102010, "Exception":"SMTP server not running, verify smtp settings", "StatusCode":422 }, { "UserID":12313123, "Exception":"SMTP server not running, verify smtp settings", "StatusCode":422 } ] }
If all invitations are successfully sent, the response does not contain any errors:
{ "Success": true, "Errors": [] }
Set users password

To set the user's password, send a PUT request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile/set/password
The request payload must include the password string value:
{ "password":"newpassword" }
The response does not contain any data. Success or failure is indicated by the HTTP status code. For more information, see HTTP status codes in Relativity REST APIs.
Reset authenticator secret (2FA)

To set the user's password, send a DELETE request to the following Login Profile Manager service URL:
<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-method/{loginMethodID:int}/two-factor-application
The request payload must include the login method ID string value:
{ "loginMethodID":1010121 }
The response does not contain any data. Success or failure is indicated by the HTTP status code. For more information, see HTTP status codes in Relativity REST APIs.