
Get identity provider (IdP) by ID

GET 

/v2/idps/:id

Returns a single identity provider (social or enterprise login) by its ID. The provider can be of any supported type, for example Google, Azure AD, OIDC, LDAP or SAML.

Request

Path Parameters

    id stringrequired

Responses

OK

Schema

    idp

    object

    id string

    Unique identifier for the identity provider.

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the sequence of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner string

    The organization or instance ID the object belongs to (resource_owner).

    state string

    Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE, IDP_STATE_REMOVED, IDP_STATE_MIGRATED]

    Default value: IDP_STATE_UNSPECIFIED

    Current state of the identity provider.

    name string
    type string

    Possible values: [IDP_TYPE_UNSPECIFIED, IDP_TYPE_OIDC, IDP_TYPE_JWT, IDP_TYPE_LDAP, IDP_TYPE_OAUTH, IDP_TYPE_AZURE_AD, IDP_TYPE_GITHUB, IDP_TYPE_GITHUB_ES, IDP_TYPE_GITLAB, IDP_TYPE_GITLAB_SELF_HOSTED, IDP_TYPE_GOOGLE, IDP_TYPE_APPLE, IDP_TYPE_SAML]

    Default value: IDP_TYPE_UNSPECIFIED

    Type of the identity provider, for example OIDC, JWT, LDAP and SAML.

    config

    object

    Configuration for the type of the identity provider.

    options

    object

    isLinkingAllowed boolean

    Enable if users should be able to link an existing ZITADEL user with an external account.

    isCreationAllowed boolean

    Enable if users should be able to create a new account in ZITADEL when using an external account.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when logging in with an external account.

    isAutoUpdate boolean

    Enable if the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

    ldap

    object

    servers string[]
    startTls boolean
    baseDn string
    bindDn string
    userBase string
    userObjectClasses string[]
    userFilters string[]
    timeout string

    attributes

    object

    idAttribute string
    firstNameAttribute string
    lastNameAttribute string
    displayNameAttribute string
    nickNameAttribute string
    preferredUsernameAttribute string
    emailAttribute string
    emailVerifiedAttribute string
    phoneAttribute string
    phoneVerifiedAttribute string
    preferredLanguageAttribute string
    avatarUrlAttribute string
    profileAttribute string

    google

    object

    clientId string

    Client id of the Google application.

    scopes string[]

    The scopes requested by ZITADEL during the request to Google.

    oauth

    object

    clientId string

    Client id generated by the identity provider.

    authorizationEndpoint string

    The endpoint where ZITADEL sends the user to authenticate.

    tokenEndpoint string

    The endpoint where ZITADEL can get the token.

    userEndpoint string

    The endpoint where ZITADEL can get the user information.

    scopes string[]

    The scopes requested by ZITADEL during the request on the identity provider.

    idAttribute string

    Name of the attribute in the user information response from which ZITADEL reads the ID of the user.

    oidc

    object

    issuer string

    The OIDC issuer of the identity provider.

    clientId string

    Client id generated by the identity provider.

    scopes string[]

    The scopes requested by ZITADEL during the request on the identity provider.

    isIdTokenMapping boolean

    If true, provider information is mapped from the ID token instead of from the userinfo endpoint.

    jwt

    object

    jwtEndpoint string

    The endpoint where the JWT can be extracted.

    issuer string

    The issuer of the JWT (for validation).

    keysEndpoint string

    The endpoint serving the keys (JWK) used to verify the signature of the JWT.

    headerName string

    The name of the header in which the JWT is sent; the default is `authorization`.

    github

    object

    clientId string

    The client ID of the GitHub App.

    scopes string[]

    The scopes requested by ZITADEL during the request to GitHub.

    githubEs

    object

    clientId string

    The client ID of the GitHub App.

    authorizationEndpoint string
    tokenEndpoint string
    userEndpoint string
    scopes string[]

    The scopes requested by ZITADEL during the request to GitHub.

    gitlab

    object

    clientId string

    Client id of the GitLab application.

    scopes string[]

    The scopes requested by ZITADEL during the request to GitLab.

    gitlabSelfHosted

    object

    issuer string
    clientId string

    Client id of the GitLab application.

    scopes string[]

    The scopes requested by ZITADEL during the request to GitLab.

    azureAd

    object

    clientId string

    Client id of the Azure AD application.

    tenant

    object

    Defines which user accounts should be able to log in (Personal, Organizational, All).

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

    tenantId string
    emailVerified boolean

    Azure AD does not indicate whether the email has been verified. Enable this if the user email should always be stored as verified in ZITADEL (no verification emails will be sent); ZITADEL then treats the email claim as trusted, so only enable it for tenants whose email claims you trust.

    scopes string[]

    The scopes requested by ZITADEL during the request to Azure AD.

    apple

    object

    clientId string

    Client id (App ID or Service ID) provided by Apple.

    teamId string

    Team ID provided by Apple.

    keyId string

    ID of the private key generated by Apple.

    scopes string[]

    The scopes requested by ZITADEL during the request to Apple.

    saml

    object

    metadataXml byte

    Metadata of the SAML identity provider.

    binding string

    Possible values: [SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT]

    Default value: SAML_BINDING_UNSPECIFIED

    Binding which defines the type of communication with the identity provider.

    withSignedRequest boolean

    Whether ZITADEL signs the authentication requests it sends to the identity provider.

    nameIdFormat string

    Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS, SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_TRANSIENT]

    Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED

    nameid-format for the SAML Request.

    transientMappingAttributeName string

    Optional name of the attribute, which will be used to map the user in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
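The schema above is what a configuration review works with. The following added example (not part of the ZITADEL documentation or code base) fetches an identity provider through this endpoint and applies a few review rules to the returned `idp` object: an Azure AD provider that trusts the email claim (`emailVerified`) while linking or creating accounts on it, LDAP servers reached without `ldaps://` or StartTLS, OAuth/OIDC/JWT endpoints that are not `https`, and SAML settings that leave requests unsigned or a transient NameID unmapped. The base URL, the bearer-token authentication header and both sample responses are assumptions constructed for the example; only `audit_idp()` is exercised offline.

```python
"""Review the configuration returned by GET /v2/idps/:id for weak settings.

Added example, not ZITADEL's own code. fetch_idp() performs the documented
request (bearer-token auth is an assumption); audit_idp() applies review
rules to the response schema documented on this page. The two sample
responses at the bottom are constructed for this example, not real data.
"""
import json
import urllib.request
from urllib.parse import urlparse


def fetch_idp(base_url: str, token: str, idp_id: str) -> dict:
    """GET {base_url}/v2/idps/{idp_id} and return the decoded JSON body."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/v2/idps/{idp_id}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_idp(response: dict) -> list[str]:
    """Return human-readable findings for one idp object; empty means nothing flagged."""
    idp = response["idp"]
    cfg = idp.get("config", {})
    opts = cfg.get("options", {})
    findings: list[str] = []

    state = idp.get("state", "IDP_STATE_UNSPECIFIED")
    if state != "IDP_STATE_ACTIVE":
        findings.append(f"state is {state}, not IDP_STATE_ACTIVE")

    # Azure AD: emailVerified=true stores the email as verified without any
    # verification mail. If linking or auto-creation is keyed on that email,
    # the email claim alone decides which ZITADEL account the login maps to.
    azure = cfg.get("azureAd")
    if azure and azure.get("emailVerified"):
        tenant_type = azure.get("tenant", {}).get("tenantType", "AZURE_AD_TENANT_TYPE_COMMON")
        links_on_email = opts.get("autoLinking") == "AUTO_LINKING_OPTION_EMAIL"
        if links_on_email or opts.get("isAutoCreation"):
            findings.append(
                f"azureAd.emailVerified=true with tenantType={tenant_type}, "
                f"autoLinking={opts.get('autoLinking')}, isAutoCreation={opts.get('isAutoCreation')}: "
                "the email claim is trusted as verified and used to link or create accounts"
            )

    # LDAP: without ldaps:// or StartTLS the bind DN password and every
    # user's password cross the network in clear text.
    ldap = cfg.get("ldap")
    if ldap:
        for server in ldap.get("servers", []):
            if urlparse(server).scheme.lower() != "ldaps" and not ldap.get("startTls"):
                findings.append(f"ldap server {server} uses neither ldaps:// nor startTls")

    # OAuth/OIDC/JWT-style sections: endpoint URLs (and OIDC issuers) that are
    # not https can be tampered with in transit. The JWT issuer is a plain
    # string compared against the iss claim, so it is not checked as a URL.
    for section in ("oauth", "oidc", "jwt", "githubEs", "gitlabSelfHosted"):
        for field, value in (cfg.get(section) or {}).items():
            url_field = field.endswith("Endpoint") or (field == "issuer" and section != "jwt")
            if url_field and isinstance(value, str) and urlparse(value).scheme.lower() != "https":
                findings.append(f"{section}.{field}={value} is not an https URL")

    # SAML: unsigned requests cannot be attributed to ZITADEL by the IdP; a
    # transient NameID needs a mapping attribute or the user cannot be matched.
    saml = cfg.get("saml")
    if saml:
        if not saml.get("withSignedRequest"):
            findings.append("saml.withSignedRequest=false: authentication requests are unsigned")
        if (saml.get("nameIdFormat") == "SAML_NAME_ID_FORMAT_TRANSIENT"
                and not saml.get("transientMappingAttributeName")):
            findings.append("saml.nameIdFormat is transient but transientMappingAttributeName is empty")
    return findings


# Constructed sample responses (shape follows the schema on this page; values are made up).
SAMPLE_AZURE = {
    "idp": {
        "id": "IDP-EXAMPLE-1",
        "details": {"sequence": "42", "changeDate": "2024-01-01T00:00:00Z", "resourceOwner": "ORG-EXAMPLE"},
        "state": "IDP_STATE_ACTIVE",
        "name": "Microsoft",
        "type": "IDP_TYPE_AZURE_AD",
        "config": {
            "options": {"isLinkingAllowed": True, "isCreationAllowed": True, "isAutoCreation": True,
                        "isAutoUpdate": False, "autoLinking": "AUTO_LINKING_OPTION_EMAIL"},
            "azureAd": {"clientId": "example-client-id", "tenant": {"tenantType": "AZURE_AD_TENANT_TYPE_COMMON"},
                        "emailVerified": True, "scopes": ["openid", "profile", "email"]},
        },
    }
}
SAMPLE_LDAP = {
    "idp": {
        "id": "IDP-EXAMPLE-2",
        "details": {"sequence": "43", "changeDate": "2024-01-01T00:00:00Z", "resourceOwner": "ORG-EXAMPLE"},
        "state": "IDP_STATE_ACTIVE",
        "name": "Corporate LDAP",
        "type": "IDP_TYPE_LDAP",
        "config": {
            "options": {"isLinkingAllowed": False, "isCreationAllowed": False, "isAutoCreation": False,
                        "isAutoUpdate": False, "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"},
            "ldap": {"servers": ["ldap://ldap.example.internal:389"], "startTls": False,
                     "baseDn": "dc=example,dc=internal", "bindDn": "cn=zitadel,dc=example,dc=internal",
                     "userBase": "ou=people", "userObjectClasses": ["inetOrgPerson"],
                     "userFilters": ["uid"], "timeout": "10s",
                     "attributes": {"idAttribute": "uid", "emailAttribute": "mail"}},
        },
    }
}

if __name__ == "__main__":
    # To run against a live instance instead, replace a sample with
    # fetch_idp("https://<your-instance>", "<access-token>", "<idp-id>").
    for sample in (SAMPLE_AZURE, SAMPLE_LDAP):
        print(sample["idp"]["name"], audit_idp(sample) or ["no findings"])
```

The rules only read fields this endpoint returns, so the same function can be pointed at every provider an organization has configured; a provider that reports no findings is not proven safe, only free of the settings the rules look for.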
