# Identity Providers

## List Access identity providers

`zero_trust.identity_providers.list(IdentityProviderListParams **kwargs) -> SyncV4PagePaginationArray[IdentityProviderListResponse]`

**get** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers`

Lists all configured identity providers.

### Parameters

- `account_id: Optional[str]`
  The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- `zone_id: Optional[str]`
  The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- `page: Optional[int]`
  Page number of results.
- `per_page: Optional[int]`
  Number of results per page.
- `scim_enabled: Optional[str]`
  Tells Access to retrieve only identity providers that have the System for Cross-Domain Identity Management (SCIM) enabled.

### Returns

- `IdentityProviderListResponse`
  - `class AzureAD: …`
    - `config: Config`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]`
        Whether Cloudflare should try to load authentication contexts from your account
      - `directory_id: Optional[str]`
        Your Azure directory UUID
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]`
        Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
        prompt=select_account interrupts single sign-on, providing an account selection experience that lists all accounts in session, any remembered account, or an option to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]`
        Whether Cloudflare should try to load groups from your account
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]`
        A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]`
        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]`
        The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]`
        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]`
        A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]`
        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]`
        Your Centrify account URL
      - `centrify_app_id: Optional[str]`
        Your Centrify app ID
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]`
        Your company's TLD
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]`
        The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]`
        The jwks_uri endpoint of your IdP, which publishes the public keys used to verify the tokens the IdP signs
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]`
        Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]`
        OAuth scopes
      - `token_url: Optional[str]`
        The token_endpoint URL of your IdP
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]`
        Your Okta authorization server ID
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `okta_account: Optional[str]`
        Your Okta account URL
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]`
        Your OneLogin account URL
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessPingone: …`
    - `config: AccessPingoneConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `ping_env_id: Optional[str]`
        Your PingOne environment identifier
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessSAML: …`
    - `config: AccessSAMLConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `attributes: Optional[List[str]]`
        A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
      - `email_attribute_name: Optional[str]`
        The attribute name for email in the SAML response.
      - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]`
        Add a list of attribute names that will be returned in the response header from the Access callback.
        - `attribute_name: Optional[str]`
          Attribute name from the IdP
        - `header_name: Optional[str]`
          Header that will be added on the request to the origin
      - `idp_public_certs: Optional[List[str]]`
        X509 certificate to verify the signature in the SAML authentication response
      - `issuer_url: Optional[str]`
        IdP Entity ID or Issuer URL
      - `sign_request: Optional[bool]`
        Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      - `sso_target_url: Optional[str]`
        URL to send the SAML authentication requests to
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessYandex: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.zero_trust.identity_providers.list(
    account_id="account_id",
)
page = page.result[0]
print(page)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "config": {
        "claims": [
          "email_verified",
          "preferred_username",
          "custom_claim_name"
        ],
        "client_id": "",
        "client_secret": "",
        "conditional_access_enabled": true,
        "directory_id": "",
        "email_claim_name": "custom_claim_name",
        "prompt": "login",
        "support_groups": true
      },
      "name": "Widget Corps IDP",
      "type": "onetimepin",
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "scim_config": {
        "enabled": true,
        "identity_update_behavior": "automatic",
        "scim_base_url": "scim_base_url",
        "seat_deprovision": true,
        "secret": "secret",
        "user_deprovision": true
      }
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```

## Get an Access identity provider

`zero_trust.identity_providers.get(str identity_provider_id, IdentityProviderGetParams **kwargs) -> IdentityProvider`

**get** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}`

Fetches a configured identity provider.

### Parameters

- `identity_provider_id: str`
  UUID.
- `account_id: Optional[str]`
  The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- `zone_id: Optional[str]`
  The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

### Returns

- `IdentityProvider`
  - `class AzureAD: …`
    - `config: Config`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]`
        Whether Cloudflare should try to load authentication contexts from your account
      - `directory_id: Optional[str]`
        Your Azure directory UUID
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]`
        Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on, providing an account selection experience that lists all accounts in session, any remembered account, or an option to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]`
        Whether Cloudflare should try to load groups from your account
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]`
        A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]`
        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]`
        The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]`
        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]`
        A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]`
        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]`
        Your Centrify account URL
      - `centrify_app_id: Optional[str]`
        Your Centrify app ID
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]`
        Your company's TLD
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]`
        The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]`
        The jwks_uri endpoint of your IdP, which publishes the public keys used to verify the tokens the IdP signs
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]`
        Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]`
        OAuth scopes
      - `token_url: Optional[str]`
        The token_endpoint URL of your IdP
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig`
      The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]`
        Your Okta authorization server ID
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `okta_account: Optional[str]`
        Your Okta account URL
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]`
      The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig`
      The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]`
        Custom claims
      - `client_id: Optional[str]`
        Your OAuth Client ID
      - `client_secret: Optional[str]`
        Your OAuth Client Secret
      - `email_claim_name: Optional[str]`
        The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]`
        Your OneLogin account URL
    - `name: str`
      The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType`
      The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]`
      UUID.
- `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `class AccessPingone: …` - `config: AccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `claims: Optional[List[str]]` Custom claims - `client_id: Optional[str]` Your OAuth Client ID - `client_secret: Optional[str]` Your OAuth Client Secret - `email_claim_name: Optional[str]` The claim name for email in the id_token response. - `ping_env_id: Optional[str]` Your PingOne environment identifier - `name: str` The name of the identity provider, shown to users on the login page. - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `id: Optional[str]` UUID. - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `class AccessSAML: …` - `config: AccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `attributes: Optional[List[str]]` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules. - `email_attribute_name: Optional[str]` The attribute name for email in the SAML response. - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]` Add a list of attribute names that will be returned in the response header from the Access callback. 
- `attribute_name: Optional[str]` attribute name from the IDP - `header_name: Optional[str]` header that will be added on the request to the origin - `idp_public_certs: Optional[List[str]]` X509 certificate to verify the signature in the SAML authentication response - `issuer_url: Optional[str]` IdP Entity ID or Issuer URL - `sign_request: Optional[bool]` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints. - `sso_target_url: Optional[str]` URL to send the SAML authentication requests to - `name: str` The name of the identity provider, shown to users on the login page. - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `id: Optional[str]` UUID. - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. - `class AccessYandex: …` - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `name: str` The name of the identity provider, shown to users on the login page. - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). - `id: Optional[str]` UUID. - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider. 
  - `class AccessOnetimepin: …`
    - `config: AccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `redirect_url: Optional[str]`
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
identity_provider = client.zero_trust.identity_providers.get(
    identity_provider_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="account_id",
)
print(identity_provider)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "config": {
      "claims": [
        "email_verified",
        "preferred_username",
        "custom_claim_name"
      ],
      "client_id": "",
      "client_secret": "",
      "conditional_access_enabled": true,
      "directory_id": "",
      "email_claim_name": "custom_claim_name",
      "prompt": "login",
      "support_groups": true
    },
    "name": "Widget Corps IDP",
    "type": "onetimepin",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "scim_config": {
      "enabled": true,
      "identity_update_behavior": "automatic",
      "scim_base_url": "scim_base_url",
      "seat_deprovision": true,
      "secret": "secret",
      "user_deprovision": true
    }
  }
}
```

## Add an Access identity provider

`zero_trust.identity_providers.create(IdentityProviderCreateParams**kwargs) -> IdentityProvider`

**post** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers`

Adds a new identity provider to Access.

### Parameters

- `config: AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
  - `claims: Optional[SequenceNotStr[str]]` Custom claims
  - `client_id: Optional[str]` Your OAuth Client ID
  - `client_secret: Optional[str]` Your OAuth Client Secret
  - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
  - `directory_id: Optional[str]` Your Azure directory uuid
  - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
  - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
    - `"login"`
    - `"select_account"`
    - `"none"`
  - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
- `name: str` The name of the identity provider, shown to users on the login page.
- `type: IdentityProviderType` The type of identity provider.
  To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
  - `"onetimepin"`
  - `"azureAD"`
  - `"saml"`
  - `"centrify"`
  - `"facebook"`
  - `"github"`
  - `"google-apps"`
  - `"google"`
  - `"linkedin"`
  - `"oidc"`
  - `"okta"`
  - `"onelogin"`
  - `"pingone"`
  - `"yandex"`
- `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- `scim_config: Optional[IdentityProviderSCIMConfigParam]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
  - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
    - `"automatic"`
    - `"reauth"`
    - `"no_action"`
  - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
  - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
  - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
  - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.

### Returns

- `IdentityProvider`
  - `class AzureAD: …`
    - `config: Config` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
      - `directory_id: Optional[str]` Your Azure directory uuid
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]` Your Centrify account URL
      - `centrify_app_id: Optional[str]` Your Centrify app ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]` Your company's TLD
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]` The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]` Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]` OAuth scopes
      - `token_url: Optional[str]` The token_endpoint URL of your IdP
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]` Your Okta authorization server ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `okta_account: Optional[str]` Your Okta account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]` Your OneLogin account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessPingone: …`
    - `config: AccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `ping_env_id: Optional[str]` Your PingOne environment identifier
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessSAML: …`
    - `config: AccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `attributes: Optional[List[str]]` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
      - `email_attribute_name: Optional[str]` The attribute name for email in the SAML response.
      - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]` Add a list of attribute names that will be returned in the response header from the Access callback.
        - `attribute_name: Optional[str]` Attribute name from the IdP
        - `header_name: Optional[str]` Header that will be added on the request to the origin
      - `idp_public_certs: Optional[List[str]]` X509 certificate to verify the signature in the SAML authentication response
      - `issuer_url: Optional[str]` IdP Entity ID or Issuer URL
      - `sign_request: Optional[bool]` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      - `sso_target_url: Optional[str]` URL to send the SAML authentication requests to
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessYandex: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnetimepin: …`
    - `config: AccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `redirect_url: Optional[str]`
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
identity_provider = client.zero_trust.identity_providers.create(
    config={},
    name="Widget Corps IDP",
    type="onetimepin",
    account_id="account_id",
)
print(identity_provider)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "config": {
      "claims": [
        "email_verified",
        "preferred_username",
        "custom_claim_name"
      ],
      "client_id": "",
      "client_secret": "",
      "conditional_access_enabled": true,
      "directory_id": "",
      "email_claim_name": "custom_claim_name",
      "prompt": "login",
      "support_groups": true
    },
    "name": "Widget Corps IDP",
    "type": "onetimepin",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "scim_config": {
      "enabled": true,
      "identity_update_behavior": "automatic",
      "scim_base_url": "scim_base_url",
      "seat_deprovision": true,
      "secret": "secret",
      "user_deprovision": true
    }
  }
}
```

## Update an Access identity provider

`zero_trust.identity_providers.update(stridentity_provider_id, IdentityProviderUpdateParams**kwargs) -> IdentityProvider`

**put** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}`

Updates a configured identity provider.

### Parameters

- `identity_provider_id: str` UUID.
- `config: AzureADConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
  - `claims: Optional[SequenceNotStr[str]]` Custom claims
  - `client_id: Optional[str]` Your OAuth Client ID
  - `client_secret: Optional[str]` Your OAuth Client Secret
  - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
  - `directory_id: Optional[str]` Your Azure directory uuid
  - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
  - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
    - `"login"`
    - `"select_account"`
    - `"none"`
  - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
- `name: str` The name of the identity provider, shown to users on the login page.
- `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
  - `"onetimepin"`
  - `"azureAD"`
  - `"saml"`
  - `"centrify"`
  - `"facebook"`
  - `"github"`
  - `"google-apps"`
  - `"google"`
  - `"linkedin"`
  - `"oidc"`
  - `"okta"`
  - `"onelogin"`
  - `"pingone"`
  - `"yandex"`
- `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- `scim_config: Optional[IdentityProviderSCIMConfigParam]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
  - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
    - `"automatic"`
    - `"reauth"`
    - `"no_action"`
  - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
  - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
  - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this, you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
  - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.

### Returns

- `IdentityProvider`
  - `class AzureAD: …`
    - `config: Config` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
      - `directory_id: Optional[str]` Your Azure directory UUID
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
        prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this, you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]` Your Centrify account URL
      - `centrify_app_id: Optional[str]` Your Centrify app ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]` Your company's TLD
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]` The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]` Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]` OAuth scopes
      - `token_url: Optional[str]` The token_endpoint URL of your IdP
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]` Your Okta authorization server ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `okta_account: Optional[str]` Your Okta account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]` Your OneLogin account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessPingone: …`
    - `config: AccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `ping_env_id: Optional[str]` Your PingOne environment identifier
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessSAML: …`
    - `config: AccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `attributes: Optional[List[str]]` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
      - `email_attribute_name: Optional[str]` The attribute name for email in the SAML response.
      - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]` Add a list of attribute names that will be returned in the response header from the Access callback.
        - `attribute_name: Optional[str]` Attribute name from the IdP
        - `header_name: Optional[str]` Header that will be added to the request to the origin
      - `idp_public_certs: Optional[List[str]]` X.509 certificate to verify the signature in the SAML authentication response
      - `issuer_url: Optional[str]` IdP Entity ID or Issuer URL
      - `sign_request: Optional[bool]` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      - `sso_target_url: Optional[str]` URL to send the SAML authentication requests to
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessYandex: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnetimepin: …`
    - `config: AccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `redirect_url: Optional[str]`
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
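
A pre-flight check for the update parameters documented above, as an added example (not part of the Cloudflare SDK or of this reference): it enforces the constraints this page states (mutually exclusive `account_id` and `zone_id`, the listed enum values, `seat_deprovision` requiring `user_deprovision`) and masks `client_secret` and the SCIM `secret` before a response is logged. The function names, the mask string and the sample data are assumptions made for illustration.

```python
import copy

# Allowed values, copied from the lists in this reference.
IDP_TYPES = {
    "onetimepin", "azureAD", "saml", "centrify", "facebook", "github",
    "google-apps", "google", "linkedin", "oidc", "okta", "onelogin",
    "pingone", "yandex",
}
PROMPTS = {"login", "select_account", "none"}
UPDATE_BEHAVIORS = {"automatic", "reauth", "no_action"}

# Fields this reference describes as secrets: (parent object, key).
SECRET_FIELDS = (("config", "client_secret"), ("scim_config", "secret"))
MASK = "***REDACTED***"  # hypothetical placeholder string


def validate_update_params(params):
    """Return a list of problems in kwargs intended for identity_providers.update()."""
    problems = []

    # The endpoint path takes an account ID or a zone ID, never both.
    has_account = bool(params.get("account_id"))
    has_zone = bool(params.get("zone_id"))
    if has_account and has_zone:
        problems.append("account_id and zone_id are mutually exclusive")
    elif not (has_account or has_zone):
        problems.append("one of account_id or zone_id must be set")

    if not params.get("name"):
        problems.append("name is required")
    if params.get("type") not in IDP_TYPES:
        problems.append("type %r is not a listed IdentityProviderType" % (params.get("type"),))

    prompt = (params.get("config") or {}).get("prompt")
    if prompt is not None and prompt not in PROMPTS:
        problems.append("config.prompt %r is not a listed value" % (prompt,))

    scim = params.get("scim_config") or {}
    behavior = scim.get("identity_update_behavior")
    if behavior is not None and behavior not in UPDATE_BEHAVIORS:
        problems.append("scim_config.identity_update_behavior %r is not a listed value" % (behavior,))
    # The reference states seat_deprovision cannot be enabled on its own.
    if scim.get("seat_deprovision") and not scim.get("user_deprovision"):
        problems.append("seat_deprovision requires user_deprovision")
    return problems


def redact_identity_provider(result):
    """Return a deep copy of a response `result` object with secret fields masked."""
    safe = copy.deepcopy(result)
    for parent, key in SECRET_FIELDS:
        block = safe.get(parent)
        if isinstance(block, dict) and block.get(key):
            block[key] = MASK
    return safe


# Constructed sample data (not real credentials and not a real API response).
SAMPLE_PARAMS = {
    "account_id": "constructed-account-id",
    "name": "Widget Corps IDP",
    "type": "azureAD",
    "config": {"prompt": "login"},
    "scim_config": {"enabled": True, "seat_deprovision": True, "user_deprovision": False},
}
SAMPLE_RESULT = {
    "name": "Widget Corps IDP",
    "type": "azureAD",
    "config": {"client_id": "constructed-client-id", "client_secret": "constructed-secret"},
    "scim_config": {"enabled": True, "secret": "constructed-scim-token"},
}

if __name__ == "__main__":
    for problem in validate_update_params(SAMPLE_PARAMS):
        print("rejecting update:", problem)
    print(redact_identity_provider(SAMPLE_RESULT))
```

Because the SCIM `secret` is returned in clear only when SCIM is first enabled, the redaction step matters most on that first response.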
### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
identity_provider = client.zero_trust.identity_providers.update(
    identity_provider_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    config={},
    name="Widget Corps IDP",
    type="onetimepin",
    account_id="account_id",
)
print(identity_provider)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "config": {
      "claims": [
        "email_verified",
        "preferred_username",
        "custom_claim_name"
      ],
      "client_id": "",
      "client_secret": "",
      "conditional_access_enabled": true,
      "directory_id": "",
      "email_claim_name": "custom_claim_name",
      "prompt": "login",
      "support_groups": true
    },
    "name": "Widget Corps IDP",
    "type": "onetimepin",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "scim_config": {
      "enabled": true,
      "identity_update_behavior": "automatic",
      "scim_base_url": "scim_base_url",
      "seat_deprovision": true,
      "secret": "secret",
      "user_deprovision": true
    }
  }
}
```

## Delete an Access identity provider

`zero_trust.identity_providers.delete(str identity_provider_id, IdentityProviderDeleteParams **kwargs) -> IdentityProviderDeleteResponse`

**delete** `/{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}`

Deletes an identity provider from Access.

### Parameters

- `identity_provider_id: str` UUID.
- `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

### Returns

- `class IdentityProviderDeleteResponse: …`
  - `id: Optional[str]` UUID.
### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
identity_provider = client.zero_trust.identity_providers.delete(
    identity_provider_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="account_id",
)
print(identity_provider.id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  }
}
```

## Domain Types

### Azure AD

- `class AzureAD: …`
  - `config: Config` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `claims: Optional[List[str]]` Custom claims
    - `client_id: Optional[str]` Your OAuth Client ID
    - `client_secret: Optional[str]` Your OAuth Client Secret
    - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
    - `directory_id: Optional[str]` Your Azure directory UUID
    - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
      prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
      - `"login"`
      - `"select_account"`
      - `"none"`
    - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
  - `name: str` The name of the identity provider, shown to users on the login page.
  - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `"onetimepin"`
    - `"azureAD"`
    - `"saml"`
    - `"centrify"`
    - `"facebook"`
    - `"github"`
    - `"google-apps"`
    - `"google"`
    - `"linkedin"`
    - `"oidc"`
    - `"okta"`
    - `"onelogin"`
    - `"pingone"`
    - `"yandex"`
  - `id: Optional[str]` UUID.
  - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
    - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
    - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
      - `"automatic"`
      - `"reauth"`
      - `"no_action"`
    - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
    - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
    - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this, you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
    - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.

### Generic OAuth Config

- `class GenericOAuthConfig: …`
  - `client_id: Optional[str]` Your OAuth Client ID
  - `client_secret: Optional[str]` Your OAuth Client Secret

### Identity Provider

- `IdentityProvider`
  - `class AzureAD: …`
    - `config: Config` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
      - `directory_id: Optional[str]` Your Azure directory UUID
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
        prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this, you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]` Your Centrify account URL
      - `centrify_app_id: Optional[str]` Your Centrify app ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]` Your company's TLD
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]` The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]` Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]` OAuth scopes
      - `token_url: Optional[str]` The token_endpoint URL of your IdP
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]` Your Okta authorization server ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `okta_account: Optional[str]` Your Okta account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]` Your OneLogin account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessPingone: …`
    - `config: AccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `ping_env_id: Optional[str]` Your PingOne environment identifier
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessSAML: …`
    - `config: AccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `attributes: Optional[List[str]]` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
      - `email_attribute_name: Optional[str]` The attribute name for email in the SAML response.
      - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]` Add a list of attribute names that will be returned in the response header from the Access callback.
        - `attribute_name: Optional[str]` Attribute name from the IdP
        - `header_name: Optional[str]` Header that will be added on the request to the origin
      - `idp_public_certs: Optional[List[str]]` X509 certificate to verify the signature in the SAML authentication response
      - `issuer_url: Optional[str]` IdP Entity ID or Issuer URL
      - `sign_request: Optional[bool]` Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      - `sso_target_url: Optional[str]` URL to send the SAML authentication requests to
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessYandex: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider.
      To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnetimepin: …`
    - `config: AccessOnetimepinConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `redirect_url: Optional[str]`
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

### Identity Provider SCIM Config

- `class IdentityProviderSCIMConfig: …` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
  - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource.
    With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
    - `"automatic"`
    - `"reauth"`
    - `"no_action"`
  - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
  - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
  - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
  - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.

### Identity Provider Type

- `Literal["onetimepin", "azureAD", "saml", 11 more]` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
  - `"onetimepin"`
  - `"azureAD"`
  - `"saml"`
  - `"centrify"`
  - `"facebook"`
  - `"github"`
  - `"google-apps"`
  - `"google"`
  - `"linkedin"`
  - `"oidc"`
  - `"okta"`
  - `"onelogin"`
  - `"pingone"`
  - `"yandex"`

### Identity Provider List Response

- `IdentityProviderListResponse`
  - `class AzureAD: …`
    - `config: Config` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `conditional_access_enabled: Optional[bool]` Should Cloudflare try to load authentication contexts from your account
      - `directory_id: Optional[str]` Your Azure directory UUID
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `prompt: Optional[Literal["login", "select_account", "none"]]` Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to use a different account altogether.
        - `"login"`
        - `"select_account"`
        - `"none"`
      - `support_groups: Optional[bool]` Should Cloudflare try to load groups from your account
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `"onetimepin"`
      - `"azureAD"`
      - `"saml"`
      - `"centrify"`
      - `"facebook"`
      - `"github"`
      - `"google-apps"`
      - `"google"`
      - `"linkedin"`
      - `"oidc"`
      - `"okta"`
      - `"onelogin"`
      - `"pingone"`
      - `"yandex"`
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
      - `enabled: Optional[bool]` A flag to enable or disable SCIM for the identity provider.
      - `identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]]` Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
        - `"automatic"`
        - `"reauth"`
        - `"no_action"`
      - `scim_base_url: Optional[str]` The base URL of Cloudflare's SCIM V2.0 API endpoint.
      - `seat_deprovision: Optional[bool]` A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.
      - `secret: Optional[str]` A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.
      - `user_deprovision: Optional[bool]` A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
  - `class AccessCentrify: …`
    - `config: AccessCentrifyConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `centrify_account: Optional[str]` Your Centrify account URL
      - `centrify_app_id: Optional[str]` Your Centrify app ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessFacebook: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGitHub: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogle: …`
    - `config: AccessGoogleConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessGoogleApps: …`
    - `config: AccessGoogleAppsConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `apps_domain: Optional[str]` Your company's TLD
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessLinkedin: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOIDC: …`
    - `config: AccessOIDCConfig` The configuration parameters for the identity provider.
      To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `auth_url: Optional[str]` The authorization_endpoint URL of your IdP
      - `certs_url: Optional[str]` The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `pkce_enabled: Optional[bool]` Enable Proof Key for Code Exchange (PKCE)
      - `scopes: Optional[List[str]]` OAuth scopes
      - `token_url: Optional[str]` The token_endpoint URL of your IdP
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOkta: …`
    - `config: AccessOktaConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `authorization_server_id: Optional[str]` Your Okta authorization server ID
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `okta_account: Optional[str]` Your Okta account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessOnelogin: …`
    - `config: AccessOneloginConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `onelogin_account: Optional[str]` Your OneLogin account URL
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessPingone: …`
    - `config: AccessPingoneConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `claims: Optional[List[str]]` Custom claims
      - `client_id: Optional[str]` Your OAuth Client ID
      - `client_secret: Optional[str]` Your OAuth Client Secret
      - `email_claim_name: Optional[str]` The claim name for email in the id_token response.
      - `ping_env_id: Optional[str]` Your PingOne environment identifier
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessSAML: …`
    - `config: AccessSAMLConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
      - `attributes: Optional[List[str]]` A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.
      - `email_attribute_name: Optional[str]` The attribute name for email in the SAML response.
      - `header_attributes: Optional[List[AccessSAMLConfigHeaderAttribute]]` Add a list of attribute names that will be returned in the response header from the Access callback.
        - `attribute_name: Optional[str]` Attribute name from the IdP
        - `header_name: Optional[str]` Header that will be added on the request to the origin
      - `idp_public_certs: Optional[List[str]]` X509 certificate to verify the signature in the SAML authentication response
      - `issuer_url: Optional[str]` IdP Entity ID or Issuer URL
      - `sign_request: Optional[bool]` Sign the SAML authentication request with Access credentials.
        To verify the signature, use the public key from the Access certs endpoints.
      - `sso_target_url: Optional[str]` URL to send the SAML authentication requests to
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
  - `class AccessYandex: …`
    - `config: GenericOAuthConfig` The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `name: str` The name of the identity provider, shown to users on the login page.
    - `type: IdentityProviderType` The type of identity provider. To determine the value for a specific provider, refer to our [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/).
    - `id: Optional[str]` UUID.
    - `scim_config: Optional[IdentityProviderSCIMConfig]` The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

### Identity Provider Delete Response

- `class IdentityProviderDeleteResponse: …`
  - `id: Optional[str]` UUID.

# SCIM

# Groups

## List SCIM Group resources

`zero_trust.identity_providers.scim.groups.list(str identity_provider_id, GroupListParams **kwargs) -> SyncV4PagePaginationArray[ZeroTrustGroup]`

**get** `/accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/groups`

Lists SCIM Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).

### Parameters

- `account_id: str` Identifier.
- `identity_provider_id: str` UUID.
- `cf_resource_id: Optional[str]` The unique Cloudflare-generated Id of the SCIM Group resource; also known as the "Id".
- `idp_resource_id: Optional[str]` The IdP-generated Id of the SCIM Group resource; also known as the "external Id".
- `name: Optional[str]` The display name of the SCIM Group resource.
- `page: Optional[int]` Page number of results.
- `per_page: Optional[int]` Number of results per page.

### Returns

- `class ZeroTrustGroup: …`
  - `id: Optional[str]` The unique Cloudflare-generated Id of the SCIM resource.
  - `display_name: Optional[str]` The display name of the SCIM Group resource.
  - `external_id: Optional[str]` The IdP-generated Id of the SCIM resource.
  - `meta: Optional[Meta]` The metadata of the SCIM resource.
    - `created: Optional[datetime]` The timestamp of when the SCIM resource was created.
    - `last_modified: Optional[datetime]` The timestamp of when the SCIM resource was last modified.
  - `schemas: Optional[List[str]]` The list of URIs which indicate the attributes contained within a SCIM resource.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
# Fetch the first page of SCIM groups synced from this identity provider.
page = client.zero_trust.identity_providers.scim.groups.list(
    identity_provider_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
group = page.result[0]  # first group on the page
print(group.id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0",
      "displayName": "ALL EMPLOYEES",
      "externalId": "all_employees",
      "meta": {
        "created": "2025-01-01T00:00:00Z",
        "lastModified": "2025-01-02T00:00:00Z"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
      ]
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```

# Users

## List SCIM User resources

`zero_trust.identity_providers.scim.users.list(str identity_provider_id, UserListParams **kwargs) -> SyncV4PagePaginationArray[AccessUser]`

**get** `/accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/users`

Lists SCIM User resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).

### Parameters

- `account_id: str` Identifier.
- `identity_provider_id: str` UUID.
- `cf_resource_id: Optional[str]` The unique Cloudflare-generated Id of the SCIM User resource; also known as the "Id".
- `email: Optional[str]` The email address of the SCIM User resource.
- `idp_resource_id: Optional[str]` The IdP-generated Id of the SCIM User resource; also known as the "external Id".
- `name: Optional[str]` The name of the SCIM User resource.
- `page: Optional[int]` Page number of results.
- `per_page: Optional[int]` Number of results per page.
- `username: Optional[str]` The username of the SCIM User resource.

### Returns

- `class AccessUser: …`
  - `id: Optional[str]` The unique Cloudflare-generated Id of the SCIM resource.
  - `active: Optional[bool]` Determines the status of the SCIM User resource.
  - `display_name: Optional[str]` The name of the SCIM User resource.
  - `emails: Optional[List[Email]]`
    - `primary: Optional[bool]` Indicates if the email address is the primary email belonging to the SCIM User resource.
    - `type: Optional[str]` Indicates the type of the email address.
    - `value: Optional[str]` The email address of the SCIM User resource.
  - `external_id: Optional[str]` The IdP-generated Id of the SCIM resource.
  - `meta: Optional[Meta]` The metadata of the SCIM resource.
    - `created: Optional[datetime]` The timestamp of when the SCIM resource was created.
    - `last_modified: Optional[datetime]` The timestamp of when the SCIM resource was last modified.
  - `schemas: Optional[List[str]]` The list of URIs which indicate the attributes contained within a SCIM resource.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
# Fetch the first page of SCIM users synced from this identity provider.
page = client.zero_trust.identity_providers.scim.users.list(
    identity_provider_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
user = page.result[0]  # first user on the page
print(user.id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0",
      "active": true,
      "displayName": "John Smith",
      "emails": [
        {
          "primary": true,
          "type": "work",
          "value": "john.smith@example.com"
        }
      ],
      "externalId": "john_smith",
      "meta": {
        "created": "2025-01-01T00:00:00Z",
        "lastModified": "2025-01-02T00:00:00Z"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```
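
The following is an added example, not part of the Cloudflare SDK or its documentation. It audits provider records shaped like the `IdentityProviderListResponse` items documented on this page for SCIM deprovisioning gaps, OIDC without PKCE and SAML without a verification certificate, and masks `client_secret` and the SCIM `secret` before a record is logged. The rule ids, the `<redacted>` marker and the sample records are assumptions constructed for illustration; the rules are an example policy, not Cloudflare requirements.

```python
import copy
from urllib.parse import urlparse

# Fields this page documents as credentials. They are masked before a
# provider record is written to a log or an inventory file.
SECRET_PATHS = (("config", "client_secret"), ("scim_config", "secret"))


def scrub(idp):
    """Return a deep copy of one provider record with credential fields masked."""
    clean = copy.deepcopy(idp)
    for section, field in SECRET_PATHS:
        if (clean.get(section) or {}).get(field):
            clean[section][field] = "<redacted>"  # marker chosen for this example
    return clean


def _not_https(url):
    """True when a URL is set and its scheme is anything other than https."""
    return bool(url) and urlparse(url).scheme != "https"


def audit(idp):
    """Return the sorted rule ids (hypothetical names) that one record violates."""
    hits = set()
    cfg = idp.get("config") or {}
    scim = idp.get("scim_config") or {}
    kind = idp.get("type")

    if scim.get("enabled"):
        # Without user_deprovision, removing a user at the IdP does not
        # revoke that user's sessions in Access and Gateway.
        if not scim.get("user_deprovision"):
            hits.add("SCIM_NO_SESSION_REVOKE")
        # Documented constraint: seat_deprovision needs user_deprovision.
        # Useful when checking a desired config before sending it.
        if scim.get("seat_deprovision") and not scim.get("user_deprovision"):
            hits.add("SCIM_SEAT_WITHOUT_USER_DEPROVISION")
        # "no_action": SCIM updates never change the identity used by policies.
        if scim.get("identity_update_behavior") == "no_action":
            hits.add("SCIM_UPDATES_IGNORED")

    if kind == "oidc":
        if not cfg.get("pkce_enabled"):
            hits.add("OIDC_PKCE_OFF")
        if any(_not_https(cfg.get(k)) for k in ("auth_url", "token_url", "certs_url")):
            hits.add("OIDC_ENDPOINT_NOT_HTTPS")

    if kind == "saml":
        if not cfg.get("idp_public_certs"):
            hits.add("SAML_NO_IDP_CERT")  # nothing to verify the response signature
        if not cfg.get("sign_request"):
            hits.add("SAML_REQUEST_UNSIGNED")
        if _not_https(cfg.get("sso_target_url")):
            hits.add("SAML_SSO_NOT_HTTPS")
    return sorted(hits)


def audit_all(idps):
    """Map provider name -> rule ids, omitting providers with no findings."""
    report = {}
    for idp in idps:
        hits = audit(idp)
        if hits:
            report[idp.get("name") or idp.get("id") or "?"] = hits
    return report


# Constructed sample records (not real providers, ids or secrets).
SAMPLE = [
    {"id": "00000000-0000-0000-0000-000000000001", "name": "corp-oidc",
     "type": "oidc",
     "config": {"auth_url": "https://idp.example.com/authorize",
                "token_url": "http://idp.example.com/token",
                "certs_url": "https://idp.example.com/jwks",
                "client_id": "example-client",
                "client_secret": "constructed-secret",
                "pkce_enabled": False},
     "scim_config": {"enabled": True, "user_deprovision": False,
                     "seat_deprovision": True,
                     "identity_update_behavior": "no_action"}},
    {"id": "00000000-0000-0000-0000-000000000002", "name": "partner-saml",
     "type": "saml",
     "config": {"issuer_url": "https://saml.example.com/entity",
                "sso_target_url": "https://saml.example.com/sso",
                "idp_public_certs": [], "sign_request": False}},
    {"id": "00000000-0000-0000-0000-000000000003", "name": "workforce-okta",
     "type": "okta",
     "config": {"okta_account": "https://example.okta.com",
                "client_id": "example-client",
                "client_secret": "constructed-secret"},
     "scim_config": {"enabled": True, "user_deprovision": True,
                     "seat_deprovision": True,
                     "identity_update_behavior": "reauth",
                     "secret": "constructed-scim-token"}},
]

if __name__ == "__main__":
    for name, hits in audit_all(SAMPLE).items():
        print(name, hits)
    print(scrub(SAMPLE[2]))
```

To run it against live data, convert each item returned by `zero_trust.identity_providers.list(...)` to a plain dict first; the functions here only read the field names documented above.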