Login Profile Manager (REST)

The login profile defines how an individual user logs into Relativity by setting user-specific options for each provider in the authentication profile. Each entry in the user's login profile corresponds to a matching entry in the environment's authentication profile, such as Provider in the environment for Password, Integrated Authentication, Active Directory, RSA, and Client Certificate.

The Login Profile Manager service is used to configure authentication profiles and user login profiles.

  • Authentication profile - The authentication profile is a collection of authentication providers which user login methods are created from. For example, the authentication profile is where you configure Password settings such as min and max password length. It also is where you define external identity providers that use the OpenID Connect and SAML protocols. How you configure your authentication profile determines how the look and behavior of the Relativity login page.
  • Login Profile - While the authentication profile applies to the environment, each user has a Login Profile that defines the user-specific options for various providers on the authentication profile. Each entry in the user's Login Profile corresponds to a matching entry in the environment's authentication profile. Each user automatically has a login profile upon creation, and you cannot delete that profile.

You can also use the Login Profile Manager service through .NET. For more information, see Login Profile Manager (.NET).

This page contains the following information:

Guidelines for the Login Profile Manager service

Review the following guidelines for working with this service.

URLs

The URLs for REST endpoints contain path parameters that you need to set before making a call:

  • Set the {versionNumber} placeholder to the version of the REST API that you want to use, using the format lowercase v and the version number, for example v1 or v2
  • Set other path parameters in the URLs to the Artifact ID of a given entity, for example setting {workspaceID} to the Artifact ID of a workspace.
  • Note: To indicate the admin-level context, set the {workspaceID} path parameter to -1.

See Login Profile Manager (.NET) for more information.

Get global authentication profile

To retrieve the global authentication profile, send a GET request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/auth-profile/global

The request body is empty.

Update an authentication profile

To update an authentication profile, send a PUT  with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/auth-profile

The request for an update operation contains the same fields as a response for a create operation. See the descriptions in View field descriptions for a response.

When the profile is successfully updated, the response returns the status code of 200. For more information, see HTTP status codes in Relativity REST APIs.

Get a login profile for a user

To get a login profile for a user, send a GET request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile

The request body is empty.

Update a login profile for a user

To update a user's profile, send a POST request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile

When the profile is successfully updated, the response returns the status code of 200. For more information, see HTTP status codes in Relativity REST APIs.

Helper endpoints for invitation emails

The Login Profile Manager service has helper endpoints that you can use to send invitations to newly-created users to log in to Relativity and set their passwords.

Verify that invitation emails can be sent successfully

Before sending invitation emails, you can determine whether the users can be invited. Send a POST request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/bulk-invitation/verify

The request must include an array of the Artifact IDs for users .

{
   "userIDList":[
      "102010",
      "12313123"
   ]
}

Send a single invitation email

To send an invitation email, issue a POST request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/invitation

The request body is empty.

When the invitation is successfully sent, the response returns the status code of 200. For more information, see HTTP status codes in Relativity REST APIs.

Send bulk invitations to users

To send invitations to multiple users, send a POST request with a URL in the following format:

<host>Relativity.REST/api/Relativity-Identity/{versionNumber}/users/bulk-invitation

The request must contain an array of the Artifact IDs for the users who should receive the invitations:

{
   "userIDList":[
      "102010",
      "12313123"
   ]
}

Set a user's password

To set the user's password, send a PUT request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-profile/set/password

The request body must include a string value for the password:

{
   "password":"newpassword"
} 

When the password is successfully set, the response returns the status code of 200. For more information, see HTTP status codes in Relativity REST APIs.

Reset authenticator secret (2FA)

To set the authenticator secret, send a DELETE request with a URL in the following format:

<host>/Relativity.REST/api/Relativity-Identity/{versionNumber}/users/{userID:int}/login-method/{loginMethodID:int}/two-factor-application

The request must contain a value for the login method ID:

{
   "loginMethodID":1010121
} 

When the secret is successfully reset, the response returns the status code of 200. For more information, see HTTP status codes in Relativity REST APIs.