Update an Access identity provider
Updates a configured identity provider.
Security
API Token
The preferred authorization scheme for interacting with the Cloudflare API. Create a token.
Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key
The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.
X-Auth-Email: user@example.com
The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.
X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups Write
Parameters
params IdentityProviderUpdateParams
Body param
Returns
type IdentityProvider interface{…}
type AzureAD struct{…}
Config AzureADConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Should Cloudflare try to load authentication contexts from your account
Prompt AzureADConfigPrompt (Optional)
Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite: it ensures that the user isn’t presented with any interactive prompt. If the request can’t be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on and provides an account selection experience that lists all accounts either in session or remembered, or an option to use a different account altogether.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet AzureADSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate AzureADSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
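An added example (not part of the Cloudflare SDK or this page's own code): a pre-flight review of a proposed update body against the constraints stated in the Prompt and SCIM field descriptions above, run before the update is sent. The JSON key names, the `ReviewUpdate` function and both sample bodies are assumptions made for the example; it parses plain JSON, treats an omitted field as unset, and calls no Cloudflare API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// idpBody holds only the fields this check reads. The JSON names are the
// snake_case forms of the documented fields (assumed for this example).
type idpBody struct {
	Config struct {
		Prompt string `json:"prompt"`
	} `json:"config"`
	SCIM struct {
		IdentityUpdateBehavior string `json:"identity_update_behavior"`
		SeatDeprovision        bool   `json:"seat_deprovision"`
		UserDeprovision        bool   `json:"user_deprovision"`
	} `json:"scim_config"`
}

// Finding is one review result. Level is "error" (contradicts a documented
// constraint) or "warn" (a looser setting that needs a conscious sign-off).
type Finding struct {
	Level, Field, Message string
}

var (
	validPrompt   = map[string]bool{"": true, "login": true, "select_account": true, "none": true}
	validBehavior = map[string]bool{"": true, "automatic": true, "reauth": true, "no_action": true}
)

// ReviewUpdate compares the provider's current settings with a proposed
// update body and returns findings in a fixed order: errors, then warnings.
func ReviewUpdate(current, proposed []byte) ([]Finding, error) {
	var cur, next idpBody
	if err := json.Unmarshal(current, &cur); err != nil {
		return nil, fmt.Errorf("current: %w", err)
	}
	if err := json.Unmarshal(proposed, &next); err != nil {
		return nil, fmt.Errorf("proposed: %w", err)
	}
	var out []Finding
	add := func(level, field, msg string) { out = append(out, Finding{level, field, msg}) }

	// Hard constraints taken from the field descriptions.
	if !validPrompt[next.Config.Prompt] {
		add("error", "config.prompt", "must be login, select_account or none")
	}
	if !validBehavior[next.SCIM.IdentityUpdateBehavior] {
		add("error", "scim_config.identity_update_behavior", "must be automatic, reauth or no_action")
	}
	if next.SCIM.SeatDeprovision && !next.SCIM.UserDeprovision {
		add("error", "scim_config.seat_deprovision", "cannot be enabled unless user_deprovision is also enabled")
	}

	// Changes that loosen what the current configuration enforces.
	if cur.Config.Prompt == "login" && next.Config.Prompt != "login" {
		add("warn", "config.prompt", "credentials are no longer forced on each request; single sign-on applies")
	}
	if cur.SCIM.IdentityUpdateBehavior != "no_action" && next.SCIM.IdentityUpdateBehavior == "no_action" {
		add("warn", "scim_config.identity_update_behavior", "SCIM updates will no longer change identities or prompt re-authentication")
	}
	if cur.SCIM.UserDeprovision && !next.SCIM.UserDeprovision {
		add("warn", "scim_config.user_deprovision", "is being turned off")
	}
	return out, nil
}

// Constructed sample bodies, not captured from a real account.
const currentBody = `{"config":{"prompt":"login"},
 "scim_config":{"identity_update_behavior":"reauth","user_deprovision":true,"seat_deprovision":true}}`

const proposedBody = `{"config":{"prompt":"select_account"},
 "scim_config":{"identity_update_behavior":"no_action","user_deprovision":false,"seat_deprovision":true}}`

func main() {
	findings, err := ReviewUpdate([]byte(currentBody), []byte(proposedBody))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-5s %-38s %s\n", f.Level, f.Field, f.Message)
	}
}
```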
type IdentityProviderAccessCentrify struct{…}
Config IdentityProviderAccessCentrifyConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessCentrifySAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessCentrifySAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessFacebook struct{…}
Config GenericOAuthConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessFacebookSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessFacebookSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessGitHub struct{…}
Config GenericOAuthConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessGitHubSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessGitHubSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessGoogle struct{…}
Config IdentityProviderAccessGoogleConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessGoogleSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessGoogleSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessGoogleApps struct{…}
Config IdentityProviderAccessGoogleAppsConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessGoogleAppsSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessGoogleAppsSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessLinkedin struct{…}
Config GenericOAuthConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessLinkedinSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessLinkedinSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessOIDC struct{…}
Config IdentityProviderAccessOIDCConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessOIDCSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessOIDCSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessOkta struct{…}
Config IdentityProviderAccessOktaConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessOktaSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessOktaSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessOnelogin struct{…}
Config IdentityProviderAccessOneloginConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessOneloginSAMLCertificateSet (Optional)
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessOneloginSAMLCertificateSetCurrentCertificate (Optional)
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior (Optional)
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessPingone struct{…}
Config IdentityProviderAccessPingoneConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessPingoneSAMLCertificateSet Optional
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessPingoneSAMLCertificateSetCurrentCertificate Optional
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior Optional
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessSAML struct{…}
Config IdentityProviderAccessSAMLConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
Enable SAML assertion encryption. When enabled, the Identity Provider will encrypt SAML assertions using the certificate from the assigned certificate set.
To enable encryption:
- Create a certificate set via POST to /identity_providers/{id}/saml_certificate
- Set this field to true and include saml_certificate_set_id in the PUT request
- Configure the public certificate in your external Identity Provider
Note: Requires saml_certificate_set_id to be set when true.
HeaderAttributes []IdentityProviderAccessSAMLConfigHeaderAttribute Optional
Add a list of attribute names that will be returned in the response header from the Access callback.
X509 certificate to verify the signature in the SAML authentication response
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessSAMLSAMLCertificateSet Optional
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessSAMLSAMLCertificateSetCurrentCertificate Optional
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior Optional
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessYandex struct{…}
Config GenericOAuthConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessYandexSAMLCertificateSet Optional
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessYandexSAMLCertificateSetCurrentCertificate Optional
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior Optional
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessOnetimepin struct{…}
Config IdentityProviderAccessOnetimepinConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessOnetimepinSAMLCertificateSet Optional
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessOnetimepinSAMLCertificateSetCurrentCertificate Optional
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior Optional
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
type IdentityProviderAccessCloudflare struct{…}
Config IdentityProviderAccessCloudflareConfig
The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.
Type IdentityProviderType
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
SAMLCertificateSet IdentityProviderAccessCloudflareSAMLCertificateSet Optional
The SAML encryption certificate set details, including current and previous certificates. Only present for SAML identity providers with a certificate set assigned.
Timestamp when the certificate set was last updated (e.g., during rotation)
CurrentCertificate IdentityProviderAccessCloudflareSAMLCertificateSetCurrentCertificate Optional
The currently active certificate used for encrypting SAML assertions
The UID of the SAML encryption certificate set assigned to this Identity Provider.
Only present for SAML identity providers with encryption configured.
Create a certificate set via POST to /identity_providers/{id}/saml_certificate.
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
IdentityUpdateBehavior IdentityProviderSCIMConfigIdentityUpdateBehavior Optional
Indicates how a SCIM event updates a user identity used for policy evaluation. Use “automatic” to automatically update a user’s identity and augment it with fields from the SCIM user resource. Use “reauth” to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With “reauth”, identities will not contain fields from the SCIM user resource. With “no_action”, identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
A flag to remove a user’s seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
Update an Access identity provider
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/option"
	"github.com/cloudflare/cloudflare-go/zero_trust"
)

func main() {
	// Placeholder token from the reference; supply your own API token.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	// The second argument is the UUID of the identity provider to update.
	identityProvider, err := client.ZeroTrust.IdentityProviders.Update(
		context.TODO(),
		"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
		zero_trust.IdentityProviderUpdateParams{
			IdentityProvider: zero_trust.AzureADParam{
				Config: cloudflare.F(zero_trust.AzureADConfigParam{}),
				Name:   cloudflare.F("Widget Corps IDP"),
				Type:   cloudflare.F(zero_trust.IdentityProviderTypeOnetimepin),
			},
		},
	)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", identityProvider)
}
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "config": {
      "claims": [
        "email_verified",
        "preferred_username",
        "custom_claim_name"
      ],
      "client_id": "<your client id>",
      "client_secret": "<your client secret>",
      "conditional_access_enabled": true,
      "directory_id": "<your azure directory uuid>",
      "email_claim_name": "custom_claim_name",
      "prompt": "login",
      "support_groups": true
    },
    "name": "Widget Corps IDP",
    "type": "onetimepin",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "saml_certificate_set": {
      "created_at": "2026-05-07T19:16:19.821162Z",
      "uid": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
      "updated_at": "2026-05-07T19:16:19.821162Z",
      "current_certificate": {
        "is_current": true,
        "not_after": "2027-05-07T19:11:00Z",
        "public_certificate": "-----BEGIN CERTIFICATE-----\nMIIEpzCCA4+gAwIBAgIUTh2VSDDJ0oB/gabio6j1L9QwWoUwDQYJKoZIhvcNAQEL\n...\n-----END CERTIFICATE-----\n",
        "uid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
      },
      "previous_certificate": {}
    },
    "saml_certificate_set_id": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
    "scim_config": {
      "enabled": true,
      "identity_update_behavior": "automatic",
      "scim_base_url": "scim_base_url",
      "seat_deprovision": true,
      "secret": "secret",
      "user_deprovision": true
    }
  }
}
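The SCIM and SAML certificate set fields described above can be checked after every update. The following is an added example, not code from the Cloudflare reference or from cloudflare-go: it audits a response body for the seat_deprovision/user_deprovision rule, the identity_update_behavior value, and the current certificate's not_after. AuditIdentityProvider, the rotation window and the sample response are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// idpResult holds only the response keys this audit reads; the key names are
// the ones in the example response on this page.
type idpResult struct {
	CertSetID string `json:"saml_certificate_set_id"`
	CertSet   *struct {
		Current *struct {
			NotAfter time.Time `json:"not_after"`
		} `json:"current_certificate"`
	} `json:"saml_certificate_set"`
	SCIM *struct {
		Enabled         bool   `json:"enabled"`
		Behavior        string `json:"identity_update_behavior"`
		SeatDeprovision bool   `json:"seat_deprovision"`
		UserDeprovision bool   `json:"user_deprovision"`
	} `json:"scim_config"`
}

// Constructed sample: the page's example response, trimmed and altered to trip the checks.
const sampleResponse = `{"success": true, "result": {
  "saml_certificate_set_id": "c409ef44-e72c-41c8-8c0b-278c8a6f4fd8",
  "saml_certificate_set": {"current_certificate": {"not_after": "2027-05-07T19:11:00Z"}},
  "scim_config": {"enabled": true, "identity_update_behavior": "no_action",
                  "seat_deprovision": true, "user_deprovision": false}}}`

// AuditIdentityProvider is a hypothetical helper, not part of cloudflare-go.
// It decodes a response envelope and returns one finding per risky setting.
func AuditIdentityProvider(raw []byte, now time.Time, rotateWithin time.Duration) ([]string, error) {
	var env struct {
		Success bool      `json:"success"`
		Result  idpResult `json:"result"`
	}
	if err := json.Unmarshal(raw, &env); err != nil {
		return nil, fmt.Errorf("decode response: %w", err)
	}
	if !env.Success {
		return nil, fmt.Errorf("response has success=false; nothing to audit")
	}
	var findings []string
	if s := env.Result.SCIM; s != nil && s.Enabled {
		switch s.Behavior {
		case "", "automatic", "reauth": // optional field; these values raise no finding
		case "no_action":
			findings = append(findings, "scim: no_action leaves identities unchanged by SCIM updates, with no re-authentication prompt")
		default:
			findings = append(findings, fmt.Sprintf("scim: unknown identity_update_behavior %q", s.Behavior))
		}
		if s.SeatDeprovision && !s.UserDeprovision {
			findings = append(findings, "scim: seat_deprovision is set but user_deprovision is not")
		}
	}
	if r := env.Result; r.CertSetID != "" {
		if r.CertSet == nil || r.CertSet.Current == nil || r.CertSet.Current.NotAfter.IsZero() {
			findings = append(findings, "saml: certificate set assigned but no current certificate expiry returned")
		} else if left := r.CertSet.Current.NotAfter.Sub(now); left <= 0 {
			findings = append(findings, "saml: current encryption certificate has expired")
		} else if left < rotateWithin {
			findings = append(findings, fmt.Sprintf("saml: current encryption certificate expires in %d days", int(left.Hours()/24)))
		}
	}
	return findings, nil
}

func main() {
	now := time.Date(2027, 4, 20, 0, 0, 0, 0, time.UTC) // fixed clock for a reproducible run
	findings, err := AuditIdentityProvider([]byte(sampleResponse), now, 30*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

In practice the raw bytes would be the body returned by the update call, and the clock would be time.Now().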