
Identity Providers

List Access identity providers
GET /{accounts_or_zones}/{account_or_zone_id}/access/identity_providers
Get an Access identity provider
GET /{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}
Add an Access identity provider
POST /{accounts_or_zones}/{account_or_zone_id}/access/identity_providers
Update an Access identity provider
PUT /{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}
Delete an Access identity provider
DELETE /{accounts_or_zones}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}
Models
AzureAD = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 5 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

conditional_access_enabled: optional boolean

Should Cloudflare try to load authentication contexts from your account

directory_id: optional string

Your Azure directory UUID

email_claim_name: optional string

The claim name for email in the id_token response.

prompt: optional "login" or "select_account" or "none"

Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite: it ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to choose a different account altogether.

One of the following:
"login"
"select_account"
"none"
support_groups: optional boolean

Should Cloudflare try to load groups from your account

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

GenericOAuthConfig = object { client_id, client_secret }
client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

IdentityProvider = AzureAD { config, name, type, 2 more } or object { config, name, type, 2 more } or object { config, name, type, 2 more } or 11 more
One of the following:
AzureAD = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 5 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

conditional_access_enabled: optional boolean

Should Cloudflare try to load authentication contexts from your account

directory_id: optional string

Your Azure directory UUID

email_claim_name: optional string

The claim name for email in the id_token response.

prompt: optional "login" or "select_account" or "none"

Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite: it ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to choose a different account altogether.

One of the following:
"login"
"select_account"
"none"
support_groups: optional boolean

Should Cloudflare try to load groups from your account

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessCentrify = object { config, name, type, 2 more }
config: object { centrify_account, centrify_app_id, claims, 3 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

centrify_account: optional string

Your Centrify account URL

centrify_app_id: optional string

Your Centrify app ID

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessFacebook = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGitHub = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGoogle = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, email_claim_name }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGoogleApps = object { config, name, type, 2 more }
config: object { apps_domain, claims, client_id, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

apps_domain: optional string

Your company's TLD

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessLinkedin = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOIDC = object { config, name, type, 2 more }
config: object { auth_url, certs_url, claims, 6 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

auth_url: optional string

The authorization_endpoint URL of your IdP

certs_url: optional string

The jwks_uri endpoint of your IdP, which publishes the IdP keys used to sign the tokens

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

pkce_enabled: optional boolean

Enable Proof Key for Code Exchange (PKCE)

scopes: optional array of string

OAuth scopes

token_url: optional string

The token_endpoint URL of your IdP

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOkta = object { config, name, type, 2 more }
config: object { authorization_server_id, claims, client_id, 3 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

authorization_server_id: optional string

Your Okta authorization server ID

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

okta_account: optional string

Your Okta account URL

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOnelogin = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

onelogin_account: optional string

Your OneLogin account URL

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessPingone = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

ping_env_id: optional string

Your PingOne environment identifier

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessSAML = object { config, name, type, 2 more }
config: object { attributes, email_attribute_name, header_attributes, 4 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

attributes: optional array of string

A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.

email_attribute_name: optional string

The attribute name for email in the SAML response.

header_attributes: optional array of object { attribute_name, header_name }

Add a list of attribute names that will be returned in the response header from the Access callback.

attribute_name: optional string

Attribute name from the IdP

header_name: optional string

Header that will be added on the request to the origin

idp_public_certs: optional array of string

X509 certificate to verify the signature in the SAML authentication response

issuer_url: optional string

IdP Entity ID or Issuer URL

sign_request: optional boolean

Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.

sso_target_url: optional string

URL to send the SAML authentication requests to

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessYandex = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOnetimepin = object { config, name, type, 2 more }
config: object { redirect_url }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

redirect_url: optional string
name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

IdentityProviderSCIMConfig = object { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

enabled: optional boolean

A flag to enable or disable SCIM for the identity provider.

identity_update_behavior: optional "automatic" or "reauth" or "no_action"

Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates; the user identity update will only occur after successful re-authentication. With "reauth", identities will not contain fields from the SCIM user resource. With "no_action", identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.

One of the following:
"automatic"
"reauth"
"no_action"
scim_base_url: optional string

The base URL of Cloudflare's SCIM V2.0 API endpoint.

seat_deprovision: optional boolean

A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.

secret: optional string

A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this, you will need to refresh it at /access/identity_providers/:idpID/refresh_scim_secret.

user_deprovision: optional boolean

A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
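
An offline audit of provider objects shaped like the models above, added here as an example (not Cloudflare's code). Findings marked "error" are constraints this page states (type and prompt enumerations, the 36-character id limit, seat_deprovision requiring user_deprovision); findings marked "warn" are a hardening policy assumed by this example (PKCE on for OIDC, signed SAML requests, https endpoints, SCIM deprovisioning). Function names, finding codes and all sample values are constructed.

```python
import copy

# Enumerations copied from the models on this page.
IDP_TYPES = {"onetimepin", "azureAD", "saml", "centrify", "facebook", "github",
             "google-apps", "google", "linkedin", "oidc", "okta", "onelogin",
             "pingone", "yandex"}
PROMPTS = {"login", "select_account", "none"}
SCIM_BEHAVIORS = {"automatic", "reauth", "no_action"}
URL_FIELDS = ("auth_url", "token_url", "certs_url", "sso_target_url")


def audit_idp(idp):
    """Return sorted (severity, code) findings for one identity-provider object."""
    out = set()
    cfg = idp.get("config") or {}
    scim = idp.get("scim_config") or {}
    kind = idp.get("type")

    # "error": constraints the page states for the schema.
    if not isinstance(idp.get("name"), str) or not idp["name"]:
        out.add(("error", "name-missing"))
    if not isinstance(kind, str) or kind not in IDP_TYPES:
        out.add(("error", "type-unknown"))
    if len(idp.get("id") or "") > 36:
        out.add(("error", "id-too-long"))
    if "prompt" in cfg and cfg["prompt"] not in PROMPTS:
        out.add(("error", "prompt-invalid"))
    behavior = scim.get("identity_update_behavior")
    if behavior is not None and behavior not in SCIM_BEHAVIORS:
        out.add(("error", "scim-behavior-invalid"))
    if scim.get("seat_deprovision") and not scim.get("user_deprovision"):
        out.add(("error", "seat-deprovision-needs-user-deprovision"))

    # "warn": hardening policy assumed by this example, not an API requirement.
    if kind == "oidc" and cfg.get("pkce_enabled") is not True:
        out.add(("warn", "oidc-pkce-disabled"))
    if kind == "saml" and not cfg.get("idp_public_certs"):
        out.add(("warn", "saml-no-idp-cert"))
    if kind == "saml" and cfg.get("sign_request") is not True:
        out.add(("warn", "saml-request-unsigned"))
    for field in URL_FIELDS:
        url = cfg.get(field)
        if url is not None and not str(url).lower().startswith("https://"):
            out.add(("warn", "url-not-https:" + field))
    if scim.get("enabled") and not scim.get("user_deprovision"):
        out.add(("warn", "scim-sessions-survive-deprovision"))
    if scim.get("enabled") and behavior == "no_action":
        out.add(("warn", "scim-updates-ignored"))
    return sorted(out)


def redact(idp):
    """Copy a provider object with client_secret and the SCIM secret masked for logs."""
    safe = copy.deepcopy(idp)
    for section, key in (("config", "client_secret"), ("scim_config", "secret")):
        if isinstance(safe.get(section), dict) and safe[section].get(key):
            safe[section][key] = "<redacted>"
    return safe


def audit_all(idps):
    """Map each provider name to its findings."""
    return {idp.get("name", "<unnamed>"): audit_idp(idp) for idp in idps}


# Constructed sample shaped like a list response; every value is made up.
SAMPLE = [
    {"id": "00000000-0000-4000-8000-000000000001", "name": "corp-oidc",
     "type": "oidc",
     "config": {"auth_url": "http://idp.example.test/authorize",
                "token_url": "https://idp.example.test/token",
                "certs_url": "https://idp.example.test/jwks",
                "client_id": "constructed-client", "client_secret": "constructed-secret",
                "pkce_enabled": False},
     "scim_config": {"enabled": True, "seat_deprovision": True,
                     "user_deprovision": False, "secret": "constructed-scim-token",
                     "identity_update_behavior": "no_action"}},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "corp-saml",
     "type": "saml",
     "config": {"issuer_url": "https://idp.example.test/entity",
                "sso_target_url": "https://idp.example.test/sso",
                "idp_public_certs": ["<constructed certificate placeholder>"],
                "sign_request": True}},
    {"id": "00000000-0000-4000-8000-0000000000030", "name": "corp-azure",
     "type": "azureAD", "config": {"prompt": "consent"}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or "ok")
    print(redact(SAMPLE[0])["config"])
```
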

IdentityProviderType = "onetimepin" or "azureAD" or "saml" or 11 more

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

One of the following:
"onetimepin"
"azureAD"
"saml"
"centrify"
"facebook"
"github"
"google-apps"
"google"
"linkedin"
"oidc"
"okta"
"onelogin"
"pingone"
"yandex"
IdentityProviderListResponse = AzureAD { config, name, type, 2 more } or object { config, name, type, 2 more } or object { config, name, type, 2 more } or 10 more
One of the following:
AzureAD = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 5 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

conditional_access_enabled: optional boolean

Should Cloudflare try to load authentication contexts from your account

directory_id: optional string

Your Azure directory UUID

email_claim_name: optional string

The claim name for email in the id_token response.

prompt: optional "login" or "select_account" or "none"

Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single sign-on. prompt=none is the opposite: it ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error. prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to choose a different account altogether.

One of the following:
"login"
"select_account"
"none"
support_groups: optional boolean

Should Cloudflare try to load groups from your account

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessCentrify = object { config, name, type, 2 more }
config: object { centrify_account, centrify_app_id, claims, 3 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

centrify_account: optional string

Your Centrify account URL

centrify_app_id: optional string

Your Centrify app ID

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessFacebook = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGitHub = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGoogle = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, email_claim_name }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessGoogleApps = object { config, name, type, 2 more }
config: object { apps_domain, claims, client_id, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

apps_domain: optional string

Your company's TLD

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessLinkedin = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOIDC = object { config, name, type, 2 more }
config: object { auth_url, certs_url, claims, 6 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

auth_url: optional string

The authorization_endpoint URL of your IdP

certs_url: optional string

The jwks_uri endpoint of your IdP, which publishes the IdP keys used to sign the tokens

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

pkce_enabled: optional boolean

Enable Proof Key for Code Exchange (PKCE)

scopes: optional array of string

OAuth scopes

token_url: optional string

The token_endpoint URL of your IdP

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOkta = object { config, name, type, 2 more }
config: object { authorization_server_id, claims, client_id, 3 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

authorization_server_id: optional string

Your Okta authorization server ID

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

okta_account: optional string

Your Okta account URL

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessOnelogin = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

onelogin_account: optional string

Your OneLogin account URL

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessPingone = object { config, name, type, 2 more }
config: object { claims, client_id, client_secret, 2 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

claims: optional array of string

Custom claims

client_id: optional string

Your OAuth Client ID

client_secret: optional string

Your OAuth Client Secret

email_claim_name: optional string

The claim name for email in the id_token response.

ping_env_id: optional string

Your PingOne environment identifier

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessSAML = object { config, name, type, 2 more }
config: object { attributes, email_attribute_name, header_attributes, 4 more }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

attributes: optional array of string

A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.

email_attribute_name: optional string

The attribute name for email in the SAML response.

header_attributes: optional array of object { attribute_name, header_name }

Add a list of attribute names that will be returned in the response header from the Access callback.

attribute_name: optional string

Attribute name from the IdP

header_name: optional string

Header that will be added on the request to the origin

idp_public_certs: optional array of string

X509 certificate to verify the signature in the SAML authentication response

issuer_url: optional string

IdP Entity ID or Issuer URL

sign_request: optional boolean

Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.

sso_target_url: optional string

URL to send the SAML authentication requests to

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

AccessYandex = object { config, name, type, 2 more }
config: GenericOAuthConfig { client_id, client_secret }

The configuration parameters for the identity provider. To view the required parameters for a specific provider, refer to our developer documentation.

name: string

The name of the identity provider, shown to users on the login page.

The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.

id: optional string

UUID.

maxLength: 36
scim_config: optional IdentityProviderSCIMConfig { enabled, identity_update_behavior, scim_base_url, 3 more }

The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.

IdentityProviderDeleteResponse = object { id }
id: optional string

UUID.

maxLength: 36

Identity Providers SCIM

Identity Providers SCIM Groups

List SCIM Group resources
GET /accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/groups

Identity Providers SCIM Users

List SCIM User resources
GET /accounts/{account_id}/access/identity_providers/{identity_provider_id}/scim/users