Authentication Realms
You can use the Authentication Realms endpoint to configure authentication options. Authentication Realm sub-resources can be used to configure single sign-on.
The Authentication Realm Object
| Attribute | Type | Description | 
|---|---|---|
| id | string | The unique identifier for the authentication realm. | 
| meta | object | Additional information for this realm. For more information, see The meta objectsection. | 
| name | string | The name of the authentication realm. | 
| redirect_uris | array[string] | An array of Storefront URIs that can start Single Sign On authentication. These URIs must follow the rules for redirection endpoints in OAuth 2.0. All URIs must start with https://except forhttp://localhost. | 
| relationships | object | The related resources. For more information, see The relationships object section. | 
| duplicate_email_policy | string | The values permitted for this parameter are, allowedorapi_only. In Single Sign On (SSO) each user in the Identity Provider (IdP) has a unique identifier, but different IdPs might differ in whether distinct users can share the same email address. For theallowedsetting, when a user with a new unique identifier signs in through SSO for the first time, the system creates a new user. However, for theapi_onlysetting, the system assigns the new unique identifier to the existing user in the system, in this case both the old and new unique identifier from the IdP points to the same user in Commerce. Theapi_onlysetting is recommended only when all configured identity providers treat e-mail address as a unique identifier for the user, otherwise a user might get access to another user’s account and data. Thus theapi_onlyvalue can simplify administration of users. | 
| type | string | The type of the object returned. | 
Response Example
{
    "data": {
        "id": "40086652-2779-45f0-8ea6-ae630dfd13cb",
        "meta": {
            "created_at": "2020-11-04T21:28:50.796Z",
            "updated_at": "2020-11-04T21:28:50.796Z"
        },
        "name": "Test Authentication Realm",
        "redirect_uris": ["https://example.com"],
        "relationships": {
            "origin": {
                "data": {
                    "id": "88888888-4444-4333-8333-111111111111",
                    "type": "customer-authentication-settings"
                }
            }
        },
        "duplicate_email_policy": "allowed",
        "type": "authentication-realm"
    },
    "links": {
        "self": "https://useast.api.elasticpath.com/v2/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb"
    }
}
The meta Object
| Attribute | Type | Description | 
|---|---|---|
| meta.created_at | string | The creation date of this realm. | 
| meta.updated_at | string | The last updated date of this realm. | 
The relationships Object
| Attribute | Type | Description | 
|---|---|---|
| relationships.origin | object | Relationships information regarding the entity that created this realm. | 
| relationships.origin.data | object | Information regarding the origin entity. | 
| relationships.origin.data.id | string | The ID of the origin entity. | 
| relationships.origin.data.type | string | The type of the origin entity. Currently only customer-authentication-settingsis supported, however other values are still accepted. |