## Get an Access identity provider `client.ZeroTrust.IdentityProviders.Get(ctx, identityProviderID, query) (*IdentityProvider, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}` Fetches a configured identity provider. ### Parameters - `identityProviderID string` UUID. - `query IdentityProviderGetParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type IdentityProvider interface{…}` - `type AzureAD struct{…}` - `Config AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `ConditionalAccessEnabled bool` Should Cloudflare try to load authentication contexts from your account - `DirectoryID string` Your Azure directory uuid - `EmailClaimName string` The claim name for email in the id_token response. - `Prompt AzureADConfigPrompt` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. - `const AzureADConfigPromptLogin AzureADConfigPrompt = "login"` - `const AzureADConfigPromptSelectAccount AzureADConfigPrompt = "select_account"` - `const AzureADConfigPromptNone AzureADConfigPrompt = "none"` - `SupportGroups bool` Should Cloudflare try to load groups from your account - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `const IdentityProviderTypeOnetimepin IdentityProviderType = "onetimepin"` - `const IdentityProviderTypeAzureAD IdentityProviderType = "azureAD"` - `const IdentityProviderTypeSAML IdentityProviderType = "saml"` - `const IdentityProviderTypeCentrify IdentityProviderType = "centrify"` - `const IdentityProviderTypeFacebook IdentityProviderType = "facebook"` - `const IdentityProviderTypeGitHub IdentityProviderType = "github"` - `const IdentityProviderTypeGoogleApps IdentityProviderType = "google-apps"` - `const IdentityProviderTypeGoogle IdentityProviderType = "google"` - `const IdentityProviderTypeLinkedin IdentityProviderType = "linkedin"` - `const IdentityProviderTypeOIDC IdentityProviderType = "oidc"` - `const IdentityProviderTypeOkta IdentityProviderType = "okta"` - `const IdentityProviderTypeOnelogin IdentityProviderType = "onelogin"` - `const IdentityProviderTypePingone IdentityProviderType = "pingone"` - `const IdentityProviderTypeYandex IdentityProviderType = "yandex"` - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `Enabled bool` A flag to enable or disable SCIM for the identity provider. - `IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorAutomatic IdentityProviderSCIMConfigIdentityUpdateBehavior = "automatic"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorReauth IdentityProviderSCIMConfigIdentityUpdateBehavior = "reauth"` - `const IdentityProviderSCIMConfigIdentityUpdateBehaviorNoAction IdentityProviderSCIMConfigIdentityUpdateBehavior = "no_action"` - `SCIMBaseURL string` The base URL of Cloudflare's SCIM V2.0 API endpoint. - `SeatDeprovision bool` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. - `Secret string` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret. - `UserDeprovision bool` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. - `type IdentityProviderAccessCentrify struct{…}` - `Config IdentityProviderAccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `CentrifyAccount string` Your centrify account url - `CentrifyAppID string` Your centrify app id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessFacebook struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGitHub struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogle struct{…}` - `Config IdentityProviderAccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessGoogleApps struct{…}` - `Config IdentityProviderAccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AppsDomain string` Your companies TLD - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessLinkedin struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOIDC struct{…}` - `Config IdentityProviderAccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthURL string` The authorization_endpoint URL of your IdP - `CERTsURL string` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PKCEEnabled bool` Enable Proof Key for Code Exchange (PKCE) - `Scopes []string` OAuth scopes - `TokenURL string` The token_endpoint URL of your IdP - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOkta struct{…}` - `Config IdentityProviderAccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `AuthorizationServerID string` Your okta authorization server id - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OktaAccount string` Your okta account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnelogin struct{…}` - `Config IdentityProviderAccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `OneloginAccount string` Your OneLogin account url - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessPingone struct{…}` - `Config IdentityProviderAccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Claims []string` Custom claims - `ClientID string` Your OAuth Client ID - `ClientSecret string` Your OAuth Client Secret - `EmailClaimName string` The claim name for email in the id_token response. - `PingEnvID string` Your PingOne environment identifier - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessSAML struct{…}` - `Config IdentityProviderAccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Attributes []string` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `EmailAttributeName string` The attribute name for email in the SAML response. - `HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute` Add a list of attribute names that will be returned in the response header from the Access callback. - `AttributeName string` attribute name from the IDP - `HeaderName string` header that will be added on the request to the origin - `IdPPublicCERTs []string` X509 certificate to verify the signature in the SAML authentication response - `IssuerURL string` IdP Entity ID or Issuer URL - `SignRequest bool` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `SSOTargetURL string` URL to send the SAML authentication requests to - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessYandex struct{…}` - `Config GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `type IdentityProviderAccessOnetimepin struct{…}` - `Config IdentityProviderAccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `RedirectURL string` - `Name string` The name of the identity provider, shown to users on the login page. - `Type IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `ID string` UUID. - `SCIMConfig IdentityProviderSCIMConfig` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) identityProvider, err := client.ZeroTrust.IdentityProviders.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.IdentityProviderGetParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", identityProvider) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "config": { "claims": [ "email_verified", "preferred_username", "custom_claim_name" ], "client_id": "", "client_secret": "", "conditional_access_enabled": true, "directory_id": "", "email_claim_name": "custom_claim_name", "prompt": "login", "support_groups": true }, "name": "Widget Corps IDP", "type": "onetimepin", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "scim_config": { "enabled": true, "identity_update_behavior": "automatic", "scim_base_url": "scim_base_url", "seat_deprovision": true, "secret": "secret", "user_deprovision": true } } } ```