# Get Authentication Configuration

> Get authentication configuration



## OpenAPI

````yaml https://use.hoop.dev/api/openapiv3.json get /serverconfig/auth
openapi: 3.0.3
info:
  contact:
    email: help@hoop.dev
    name: Help
    url: https://help.hoop.dev
  description: >-
    Hoop.dev is an access gateway for databases and servers with an API for
    packet manipulation
  license:
    name: MIT
    url: https://opensource.org/license/mit
  termsOfService: https://hoop.dev/docs/legal/tos
  title: Hoop Api
  version: 1.49.10
servers:
  - url: https://use.hoop.dev/api
security: []
tags:
  - description: >
      Hoop implements the OAuth2 and OIDC protocols to authenticate users in the
      system. To obtain a valid access token users need to authenticate in their
      own identity provider which is generated as a JSON response to the
      endpoint `http(s)://use.hoop.dev/api/login`. The identity provider then
      redirects the user to the callback endpoint containing the access token.


      The recommended way to obtain an access token is to visit the Webapp's
      main page or use the **Hoop command line**. Example:


      ```sh

      hoop config create --api-url https://use.hoop.dev

      # save the token after authenticating at $HOME/.hoop/config.toml

      hoop login

      # show token information

      hoop config view --raw

      ```


      With an access token you could use any HTTP client to interact with the
      documented endpoints.

      The token must be sent through the `Authorization` header.


      Example:


      ```sh

      # obtain the current configuration of the server

      curl https://use.hoop.dev/api/serverinfo -H "Authorization: Bearer
      $ACCESS_TOKEN"

      ```
    name: Authentication
  - description: >
      Users are active and assigned to the default organization when they
      sign up. A user can be set to an inactive state, preventing them from
      accessing the platform; however, it’s recommended to manage the state of
      users in the identity provider.


      - The `sub` claim is used as the main identifier of the user in the
      platform.

      - The profile of the user is derived from the id_token claims `email` and
      `name`.


      When a user authenticates for the first time, an automatic signup is
      performed that persists the profile claims along with their unique
      identifier.


      ### Groups


      Groups define who may access or interact with certain resources.


      - For connection resources, it’s possible to define which groups have
      access to a specific connection; this is enforced when the Access Control
      feature is enabled.

      - For review resources, it’s possible to define which groups are allowed
      to approve an execution; this is enforced when the Review feature is
      enabled.


      > This resource can be managed manually via the Webapp or propagated by the
      identity provider via the ID Token. In this mode, groups are synced when a
      user performs a login.


      ### Roles


      - The `admin` group is a special role that grants full access to all
      resources


      This role should be granted to users that are responsible for managing the
      Gateway. All other users are regular, meaning that they can access their
      own resources and interact with connections.
    name: User Management
  - description: Routes used to manage and obtain information about the runtime server.
    name: Server Management
  - description: Features available in the gateway. See also **Plugin** resources.
    name: Features
  - description: >-
      Proxy manager endpoints control how clients connect via gRPC in the
      gateway. These endpoints are meant to be used when a client is initialized
      via `hoop proxy-manager`.
    name: Proxy Manager
  - name: Connections
  - name: Agents
  - name: Runbooks
  - name: Guard Rails
  - name: Reviews
  - name: Sessions
  - name: Organization Management
  - name: Reports
paths:
  /serverconfig/auth:
    get:
      tags:
        - Server Management
      summary: Get Authentication Configuration
      description: Get authentication configuration
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/openapi.ServerAuthConfig'
          description: OK
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/openapi.HTTPError'
          description: Forbidden
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/openapi.HTTPError'
          description: Internal Server Error
components:
  schemas:
    openapi.ServerAuthConfig:
      properties:
        admin_role_name:
          default: admin
          description: Changes the default administrator role of the system
          type: string
        api_key:
          description: >-
            The API key with admin privileges used to authenticate in the API.
            It is a read-only field.
          example: xapi-WqIAoYhKuIv2IPmVkfsyyK
          readOnly: true
          type: string
        auditor_role_name:
          default: auditor
          description: Changes the default auditor role of the system
          type: string
        auth_method:
          allOf:
            - $ref: '#/components/schemas/openapi.ProviderType'
          description: The identity provider type to configure
          example: local
        oidc_config:
          allOf:
            - $ref: '#/components/schemas/openapi.ServerAuthOidcConfig'
          description: OIDC / OAuth2 identity provider configuration
        provider_name:
          description: The provider type name used to identify the authentication provider
          example: generic
          type: string
        rollout_api_key:
          description: >-
            The API key to roll out. When this field is set, the server will
            roll out the previous api_key.

            This attribute must be obtained in the endpoint to generate rollout
            api keys.
          example: xapi-WqIAoYhKuIv2IPmVkfsyyK
          type: string
        saml_config:
          allOf:
            - $ref: '#/components/schemas/openapi.ServerAuthSamlConfig'
          description: SAML 2.0 identity provider configuration
        webapp_users_management_status:
          description: >-
            Enables user management in the Webapp. It allows creating, editing
            and deleting users.
          enum:
            - active
            - inactive
          type: string
      required:
        - auth_method
        - webapp_users_management_status
      type: object
    openapi.HTTPError:
      properties:
        message:
          example: the error description
          type: string
      type: object
    openapi.ProviderType:
      enum:
        - oidc
        - saml
        - local
      type: string
    openapi.ServerAuthOidcConfig:
      properties:
        audience:
          description: Identity Provider Audience (OAuth2)
          example: hoop-audience
          type: string
        client_id:
          description: OAuth2 Client ID
          example: hoop-client-id
          type: string
        client_secret:
          description: OAuth2 Client Secret
          example: hoop-client-secret
          type: string
        groups_claim:
          description: Specifies the claim identifier used to configure group propagation.
          example: groups
          type: string
        issuer_url:
          description: Identity Provider Issuer URL (OAuth2)
          example: https://auth.domain.tld/oidc
          type: string
        scopes:
          description: >-
            Additional OAuth2 scopes to append in the request. Default values
            are openid, profile and email.
          example:
            - openid
            - email
            - profile
          items:
            type: string
          type: array
      required:
        - client_id
        - client_secret
        - issuer_url
      type: object
    openapi.ServerAuthSamlConfig:
      properties:
        groups_claim:
          default: groups
          description: Specifies the claim identifier used to configure group propagation.
          type: string
        idp_metadata_url:
          description: Identity Provider Metadata URL (SAML 2.0)
          example: https://auth.domain.tld/saml/metadata
          type: string
      required:
        - idp_metadata_url
      type: object

````
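
The `ServerAuthConfig` response carries credentials (`api_key`, `rollout_api_key`, `oidc_config.client_secret`), so a client that logs or stores it should mask those fields first. The following is an added example, not part of the Hoop documentation or code base: it redacts the credential fields and checks a decoded response against the required fields and enums in the schema above. The function names, the requirement that the matching provider block is present, and the https rule are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Fields the schema above describes as credentials.
SECRET_FIELDS = {"api_key", "rollout_api_key", "client_secret"}
PROVIDER_TYPES = ("oidc", "saml", "local")  # openapi.ProviderType
# auth_method -> (config block, required keys, URL key), taken from the schema
PROVIDER_BLOCKS = {
    "oidc": ("oidc_config", ("client_id", "client_secret", "issuer_url"), "issuer_url"),
    "saml": ("saml_config", ("idp_metadata_url",), "idp_metadata_url"),
}

def redact(value):
    """Return a copy of the decoded response with credential fields masked."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k in SECRET_FIELDS and v else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def check_auth_config(cfg):
    """Return a list of findings for a decoded ServerAuthConfig document."""
    findings = []
    method = cfg.get("auth_method")
    if method not in PROVIDER_TYPES:
        findings.append(f"auth_method {method!r} is not oidc, saml or local")
    if cfg.get("webapp_users_management_status") not in ("active", "inactive"):
        findings.append("webapp_users_management_status is missing or invalid")
    spec = PROVIDER_BLOCKS.get(method) if isinstance(method, str) else None
    if spec:
        block, required, url_key = spec
        sub = cfg.get(block) or {}  # assumption: the block must accompany its method
        findings += [f"{block}.{k} is required" for k in required if not sub.get(k)]
        url = sub.get(url_key)
        # local policy, not a rule stated by the schema: IdP URLs must use https
        if url and urlparse(url).scheme != "https":
            findings.append(f"{block}.{url_key} does not use https")
    return findings

# Constructed sample built from the schema's example values (not a real response).
SAMPLE = json.loads("""{
  "auth_method": "oidc", "webapp_users_management_status": "active",
  "admin_role_name": "admin", "api_key": "xapi-WqIAoYhKuIv2IPmVkfsyyK",
  "oidc_config": {"client_id": "hoop-client-id", "client_secret": "hoop-client-secret",
                  "issuer_url": "http://auth.domain.tld/oidc", "groups_claim": "groups"}
}""")

if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE), indent=2))
    for finding in check_auth_config(SAMPLE):
        print("finding:", finding)
```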