List Access identity providers
Lists all configured identity providers.
Security
API Token
The preferred authorization scheme for interacting with the Cloudflare API. Create a token.
Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYYAPI Email + API Key
The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.
X-Auth-Email: user@example.comThe previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.
X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups WriteAccess: Organizations, Identity Providers, and Groups ReadParametersExpand Collapse
ReturnsExpand Collapse
type IdentityProviderListResponse interface{…}
type AzureAD struct{…}
Config AzureADConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Should Cloudflare try to load authentication contexts from your account
Prompt AzureADConfigPromptOptionalIndicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn’t presented with any interactive prompt. If the request can’t be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn’t presented with any interactive prompt. If the request can’t be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet AzureADSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate AzureADSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessCentrify struct{…}
Config IdentityProviderListResponseAccessCentrifyConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessCentrifySAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessCentrifySAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessFacebook struct{…}
Config GenericOAuthConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessFacebookSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessFacebookSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessGitHub struct{…}
Config GenericOAuthConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessGitHubSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessGitHubSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessGoogle struct{…}
Config IdentityProviderListResponseAccessGoogleConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessGoogleSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessGoogleSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessGoogleApps struct{…}
Config IdentityProviderListResponseAccessGoogleAppsConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessGoogleAppsSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessGoogleAppsSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessLinkedin struct{…}
Config GenericOAuthConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessLinkedinSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessLinkedinSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessOIDC struct{…}
Config IdentityProviderListResponseAccessOIDCConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessOIDCSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessOIDCSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessOkta struct{…}
Config IdentityProviderListResponseAccessOktaConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessOktaSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessOktaSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessOnelogin struct{…}
Config IdentityProviderListResponseAccessOneloginConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessOneloginSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessOneloginSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessPingone struct{…}
Config IdentityProviderListResponseAccessPingoneConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessPingoneSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessPingoneSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessSAML struct{…}
Config IdentityProviderListResponseAccessSAMLConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
Enable SAML assertion encryption. When enabled, the Identity Provider will encrypt SAML assertions using the certificate from the assigned certificate set.
To enable encryption:
- Create a certificate set via POST to
/identity_providers/{id}/saml_certificate - Set this field to
trueand includesaml_certificate_set_idin the PUT request - Configure the public certificate in your external Identity Provider
Note: Requires saml_certificate_set_id to be set when true.
HeaderAttributes []IdentityProviderListResponseAccessSAMLConfigHeaderAttributeOptionalAdd a list of attribute names that will be returned in the response header from the Access callback.
Add a list of attribute names that will be returned in the response header from the Access callback.
X509 certificate to verify the signature in the SAML authentication response
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessSAMLSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessSAMLSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessYandex struct{…}
Config GenericOAuthConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessYandexSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessYandexSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessOnetimepin struct{…}
Config IdentityProviderListResponseAccessOnetimepinConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessOnetimepinSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessOnetimepinSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderListResponseAccessCloudflare struct{…}
Config IdentityProviderListResponseAccessCloudflareConfigThe configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderTypeThe type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderListResponseAccessCloudflareSAMLCertificateSetOptionalThe SAML encryption certificate set details, including current and previous certificates.
Only present for SAML identity providers with a certificate set assigned.
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderListResponseAccessCloudflareSAMLCertificateSetCurrentCertificateOptionalThe currently active certificate used for encrypting SAML assertions
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehaviorOptionalIndicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With “reauth” identities will not contain fields from the SCIM user resource. With “no_action” identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
List Access identity providers
package main
import (
"context"
"fmt"
"github.com/cloudflare/cloudflare-go"
"github.com/cloudflare/cloudflare-go/option"
"github.com/cloudflare/cloudflare-go/zero_trust"
)
func main() {
client := cloudflare.NewClient(
option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
)
page, err := client.ZeroTrust.IdentityProviders.List(context.TODO(), zero_trust.IdentityProviderListParams{
})
if err != nil {
panic(err.Error())
}
fmt.Printf("%+v\n", page)
}
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"success": true,
"result": [
{
"config": {
"claims": [
"email_verified",
"preferred_username",
"custom_claim_name"
],
"client_id": "<your client id>",
"client_secret": "<your client secret>",
"conditional_access_enabled": true,
"directory_id": "<your azure directory uuid>",
"email_claim_name": "custom_claim_name",
"prompt": "login",
"support_groups": true
},
"name": "Widget Corps IDP",
"type": "onetimepin",
"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"saml_certificate_set": {
"created_at": "2026-05-07T19:16:19.821162Z",
"uid": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
"updated_at": "2026-05-07T19:16:19.821162Z",
"current_certificate": {
"is_current": true,
"not_after": "2027-05-07T19:11:00Z",
"public_certificate": "-----BEGIN CERTIFICATE-----\nMIIEpzCCA4+gAwIBAgIUTh2VSDDJ0oB/gabio6j1L9QwWoUwDQYJKoZIhvcNAQEL\n...\n-----END CERTIFICATE-----\n",
"uid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
},
"previous_certificate": {}
},
"saml_certificate_set_id": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
"scim_config": {
"enabled": true,
"identity_update_behavior": "automatic",
"scim_base_url": "scim_base_url",
"seat_deprovision": true,
"secret": "secret",
"user_deprovision": true
}
}
],
"result_info": {
"count": 1,
"page": 1,
"per_page": 20,
"total_count": 2000,
"total_pages": 100
}
}Returns Examples
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"success": true,
"result": [
{
"config": {
"claims": [
"email_verified",
"preferred_username",
"custom_claim_name"
],
"client_id": "<your client id>",
"client_secret": "<your client secret>",
"conditional_access_enabled": true,
"directory_id": "<your azure directory uuid>",
"email_claim_name": "custom_claim_name",
"prompt": "login",
"support_groups": true
},
"name": "Widget Corps IDP",
"type": "onetimepin",
"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"saml_certificate_set": {
"created_at": "2026-05-07T19:16:19.821162Z",
"uid": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
"updated_at": "2026-05-07T19:16:19.821162Z",
"current_certificate": {
"is_current": true,
"not_after": "2027-05-07T19:11:00Z",
"public_certificate": "-----BEGIN CERTIFICATE-----\nMIIEpzCCA4+gAwIBAgIUTh2VSDDJ0oB/gabio6j1L9QwWoUwDQYJKoZIhvcNAQEL\n...\n-----END CERTIFICATE-----\n",
"uid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
},
"previous_certificate": {}
},
"saml_certificate_set_id": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
"scim_config": {
"enabled": true,
"identity_update_behavior": "automatic",
"scim_base_url": "scim_base_url",
"seat_deprovision": true,
"secret": "secret",
"user_deprovision": true
}
}
],
"result_info": {
"count": 1,
"page": 1,
"per_page": 20,
"total_count": 2000,
"total_pages": 100
}
}