# Identity Providers ## List Access identity providers `client.ZeroTrust.IdentityProviders.List(ctx, params) (*V4PagePaginationArray[IdentityProviderListResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers` Lists all configured identity providers. ### Parameters - `params IdentityProviderListParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Page param.Field[int64]` Query param: Page number of results. - `PerPage param.Field[int64]` Query param: Number of results per page. - `SCIMEnabled param.Field[string]` Query param: Indicates to Access to only retrieve identity providers that have the System for Cross-Domain Identity Management (SCIM) enabled. ### Returns - `type IdentityProviderListResponse interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderListResponseAccessCentrify struct{…}` - `Config IdentityProviderListResponseAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessGoogle struct{…}` - `Config IdentityProviderListResponseAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessGoogleApps struct{…}` - `Config IdentityProviderListResponseAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessOIDC struct{…}` - `Config IdentityProviderListResponseAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessOkta struct{…}` - `Config IdentityProviderListResponseAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessOnelogin struct{…}` - `Config IdentityProviderListResponseAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessPingone struct{…}` - `Config IdentityProviderListResponseAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessSAML struct{…}` - `Config IdentityProviderListResponseAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderListResponseAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderListResponseAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.IdentityProviders.List(context.TODO(), zero_trust.IdentityProviderListParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "config": { "claims": [ "email_verified", "preferred_username", "custom_claim_name" ], "client_id": "", "client_secret": "", "conditional_access_enabled": true, "directory_id": "", "email_claim_name": "custom_claim_name", "prompt": "login", "support_groups": true }, "name": "Widget Corps IDP", "type": "onetimepin", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "scim_config": { "enabled": true, "identity_update_behavior": "automatic", "scim_base_url": "scim_base_url", "seat_deprovision": true, "secret": "secret", "user_deprovision": true } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get an Access identity provider `client.ZeroTrust.IdentityProviders.Get(ctx, identityProviderID, query) (*IdentityProvider, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}` Fetches a configured identity provider. ### Parameters - `identityProviderID string` UUID. - `query IdentityProviderGetParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type IdentityProvider interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderAccessCentrify struct{…}` - `Config IdentityProviderAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogle struct{…}` - `Config IdentityProviderAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogleApps struct{…}` - `Config IdentityProviderAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOIDC struct{…}` - `Config IdentityProviderAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOkta struct{…}` - `Config IdentityProviderAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnelogin struct{…}` - `Config IdentityProviderAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessPingone struct{…}` - `Config IdentityProviderAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessSAML struct{…}` - `Config IdentityProviderAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnetimepin struct{…}` - `Config IdentityProviderAccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `RedirectURL string` - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) identityProvider, err := client.ZeroTrust.IdentityProviders.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderGetParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", identityProvider) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "config": { "claims": [ "email_verified", "preferred_username", "custom_claim_name" ], "client_id": "", "client_secret": "", "conditional_access_enabled": true, "directory_id": "", "email_claim_name": "custom_claim_name", "prompt": "login", "support_groups": true }, "name": "Widget Corps IDP", "type": "onetimepin", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "scim_config": { "enabled": true, "identity_update_behavior": "automatic", "scim_base_url": "scim_base_url", "seat_deprovision": true, "secret": "secret", "user_deprovision": true } } } ``` ## Add an Access identity provider `client.ZeroTrust.IdentityProviders.New(ctx, params) (*IdentityProvider, error)` **post** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers` Adds a new identity provider to Access. ### Parameters - `params IdentityProviderNewParams` - `AzureAD param.Field[AzureAD]` Body param - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type IdentityProvider interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderAccessCentrify struct{…}` - `Config IdentityProviderAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogle struct{…}` - `Config IdentityProviderAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogleApps struct{…}` - `Config IdentityProviderAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOIDC struct{…}` - `Config IdentityProviderAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOkta struct{…}` - `Config IdentityProviderAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnelogin struct{…}` - `Config IdentityProviderAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessPingone struct{…}` - `Config IdentityProviderAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessSAML struct{…}` - `Config IdentityProviderAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnetimepin struct{…}` - `Config IdentityProviderAccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `RedirectURL string` - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) identityProvider, err := client.ZeroTrust.IdentityProviders.New(context.TODO(), zero_trust.IdentityProviderNewParams{ IdentityProvider: zero_trust.AzureADParam{ Config: cloudflare.F(zero_trust.AzureADConfigParam{ }), Name: cloudflare.F("Widget Corps IDP"), Type: cloudflare.F(zero_trust.IdentityProviderTypeOnetimepin), }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", identityProvider) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "config": { "claims": [ "email_verified", "preferred_username", "custom_claim_name" ], "client_id": "", "client_secret": "", "conditional_access_enabled": true, "directory_id": "", "email_claim_name": "custom_claim_name", "prompt": "login", "support_groups": true }, "name": "Widget Corps IDP", "type": "onetimepin", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "scim_config": { "enabled": true, "identity_update_behavior": "automatic", "scim_base_url": "scim_base_url", "seat_deprovision": true, "secret": "secret", "user_deprovision": true } } } ``` ## Update an Access identity provider `client.ZeroTrust.IdentityProviders.Update(ctx, identityProviderID, params) (*IdentityProvider, error)` **put** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}` Updates a configured identity provider. ### Parameters - `identityProviderID string` UUID. - `params IdentityProviderUpdateParams` - `AzureAD param.Field[AzureAD]` Body param - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type IdentityProvider interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderAccessCentrify struct{…}` - `Config IdentityProviderAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogle struct{…}` - `Config IdentityProviderAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogleApps struct{…}` - `Config IdentityProviderAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOIDC struct{…}` - `Config IdentityProviderAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOkta struct{…}` - `Config IdentityProviderAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnelogin struct{…}` - `Config IdentityProviderAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessPingone struct{…}` - `Config IdentityProviderAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessSAML struct{…}` - `Config IdentityProviderAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnetimepin struct{…}` - `Config IdentityProviderAccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `RedirectURL string` - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) identityProvider, err := client.ZeroTrust.IdentityProviders.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderUpdateParams{ IdentityProvider: zero_trust.AzureADParam{ Config: cloudflare.F(zero_trust.AzureADConfigParam{ }), Name: cloudflare.F("Widget Corps IDP"), Type: cloudflare.F(zero_trust.IdentityProviderTypeOnetimepin), }, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", identityProvider) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "config": { "claims": [ "email_verified", "preferred_username", "custom_claim_name" ], "client_id": "", "client_secret": "", "conditional_access_enabled": true, "directory_id": "", "email_claim_name": "custom_claim_name", "prompt": "login", "support_groups": true }, "name": "Widget Corps IDP", "type": "onetimepin", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "scim_config": { "enabled": true, "identity_update_behavior": "automatic", "scim_base_url": "scim_base_url", "seat_deprovision": true, "secret": "secret", "user_deprovision": true } } } ``` ## Delete an Access identity provider `client.ZeroTrust.IdentityProviders.Delete(ctx, identityProviderID, body) (*IdentityProviderDeleteResponse, error)` **delete** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}` Deletes an identity provider from Access. ### Parameters - `identityProviderID string` UUID. - `body IdentityProviderDeleteParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type IdentityProviderDeleteResponse struct{…}` - `ID string` UUID. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) identityProvider, err := client.ZeroTrust.IdentityProviders.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderDeleteParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", identityProvider.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Azure AD - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. ### Generic OAuth Config - `type GenericOAuthConfig struct{…}` - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret ### Identity Provider - `type IdentityProvider interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderAccessCentrify struct{…}` - `Config IdentityProviderAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogle struct{…}` - `Config IdentityProviderAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogleApps struct{…}` - `Config IdentityProviderAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOIDC struct{…}` - `Config IdentityProviderAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOkta struct{…}` - `Config IdentityProviderAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnelogin struct{…}` - `Config IdentityProviderAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessPingone struct{…}` - `Config IdentityProviderAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessSAML struct{…}` - `Config IdentityProviderAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnetimepin struct{…}` - `Config IdentityProviderAccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `RedirectURL string` - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Identity Provider SCIM Config - `type IdentityProviderSCIMConfig struct{…}` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. ### Identity Provider Type - `type IdentityProviderType string` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` # SCIM # Groups ## List SCIM Group resources `client.ZeroTrust.IdentityProviders.SCIM.Groups.List(ctx, identityProviderID, params) (*V4PagePaginationArray[ZeroTrustGroup], error)` **get** `/accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/groups` Lists SCIM Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM). ### Parameters - `identityProviderID string` UUID. - `params IdentityProviderSCIMGroupListParams` - `AccountID param.Field[string]` Path param: Identifier. - `CfResourceID param.Field[string]` Query param: The unique Cloudflare-generated Id of the SCIM Group resource; also known as the "Id". - `IdPResourceID param.Field[string]` Query param: The IdP-generated Id of the SCIM Group resource; also known as the "external Id". - `Name param.Field[string]` Query param: The display name of the SCIM Group resource. - `Page param.Field[int64]` Query param: Page number of results. - `PerPage param.Field[int64]` Query param: Number of results per page. ### Returns - `type ZeroTrustGroup struct{…}` - `ID string` The unique Cloudflare-generated Id of the SCIM resource. - `DisplayName string` The display name of the SCIM Group resource. - `ExternalID string` The IdP-generated Id of the SCIM resource. - `Meta ZeroTrustGroupMeta` The metadata of the SCIM resource. - `Created Time` The timestamp of when the SCIM resource was created. - `LastModified Time` The timestamp of when the SCIM resource was last modified. - `Schemas []string` The list of URIs which indicate the attributes contained within a SCIM resource. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.IdentityProviders.SCIM.Groups.List( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderSCIMGroupListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0", "displayName": "ALL EMPLOYEES", "externalId": "all_employees", "meta": { "created": "2025-01-01T00:00:00Z", "lastModified": "2025-01-02T00:00:00Z" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` # Users ## List SCIM User resources `client.ZeroTrust.IdentityProviders.SCIM.Users.List(ctx, identityProviderID, params) (*V4PagePaginationArray[AccessUser], error)` **get** `/accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/users` Lists SCIM User resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM). ### Parameters - `identityProviderID string` UUID. - `params IdentityProviderSCIMUserListParams` - `AccountID param.Field[string]` Path param: Identifier. - `CfResourceID param.Field[string]` Query param: The unique Cloudflare-generated Id of the SCIM User resource; also known as the "Id". - `Email param.Field[string]` Query param: The email address of the SCIM User resource. - `IdPResourceID param.Field[string]` Query param: The IdP-generated Id of the SCIM User resource; also known as the "external Id". - `Name param.Field[string]` Query param: The name of the SCIM User resource. - `Page param.Field[int64]` Query param: Page number of results. - `PerPage param.Field[int64]` Query param: Number of results per page. - `Username param.Field[string]` Query param: The username of the SCIM User resource. ### Returns - `type AccessUser struct{…}` - `ID string` The unique Cloudflare-generated Id of the SCIM resource. - `Active bool` Determines the status of the SCIM User resource. - `DisplayName string` The name of the SCIM User resource. - `Emails []AccessUserEmail` - `Primary bool` Indicates if the email address is the primary email belonging to the SCIM User resource. - `Type string` Indicates the type of the email address. - `Value string` The email address of the SCIM User resource. - `ExternalID string` The IdP-generated Id of the SCIM resource. - `Meta AccessUserMeta` The metadata of the SCIM resource. - `Created Time` The timestamp of when the SCIM resource was created. - `LastModified Time` The timestamp of when the SCIM resource was last modified. - `Schemas []string` The list of URIs which indicate the attributes contained within a SCIM resource. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.IdentityProviders.SCIM.Users.List( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderSCIMUserListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0", "active": true, "displayName": "John Smith", "emails": [ { "primary": true, "type": "work", "value": "john.smith@example.com" } ], "externalId": "john_smith", "meta": { "created": "2025-01-01T00:00:00Z", "lastModified": "2025-01-02T00:00:00Z" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ```