Add SAML Identity Provider
POST/idps/saml
Add SAML Identity Provider
Request​
Header Parameters
The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.
- application/json
- application/grpc
- application/grpc-web+proto
Body
required
Metadata of the SAML identity provider.
Url to the metadata of the SAML identity provider.
Possible values: [SAML_BINDING_UNSPECIFIED
, SAML_BINDING_POST
, SAML_BINDING_REDIRECT
, SAML_BINDING_ARTIFACT
]
Default value: SAML_BINDING_UNSPECIFIED
Binding which defines the type of communication with the identity provider.
Boolean which defines if the authentication requests are signed.
providerOptions
object
Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.
Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.
Enable if a new account in ZITADEL should be created automatically when login with an external account.
Enable if a the ZITADEL account fields should be updated automatically on each login.
Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED
, AUTO_LINKING_OPTION_USERNAME
, AUTO_LINKING_OPTION_EMAIL
]
Default value: AUTO_LINKING_OPTION_UNSPECIFIED
Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.
Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED
, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS
, SAML_NAME_ID_FORMAT_PERSISTENT
, SAML_NAME_ID_FORMAT_TRANSIENT
]
Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED
Optionally specify the nameid-format
requested.
Optionally specify the name of the attribute, which will be used to map the user
in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
.
Body
required
Metadata of the SAML identity provider.
Url to the metadata of the SAML identity provider.
Possible values: [SAML_BINDING_UNSPECIFIED
, SAML_BINDING_POST
, SAML_BINDING_REDIRECT
, SAML_BINDING_ARTIFACT
]
Default value: SAML_BINDING_UNSPECIFIED
Binding which defines the type of communication with the identity provider.
Boolean which defines if the authentication requests are signed.
providerOptions
object
Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.
Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.
Enable if a new account in ZITADEL should be created automatically when login with an external account.
Enable if a the ZITADEL account fields should be updated automatically on each login.
Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED
, AUTO_LINKING_OPTION_USERNAME
, AUTO_LINKING_OPTION_EMAIL
]
Default value: AUTO_LINKING_OPTION_UNSPECIFIED
Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.
Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED
, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS
, SAML_NAME_ID_FORMAT_PERSISTENT
, SAML_NAME_ID_FORMAT_TRANSIENT
]
Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED
Optionally specify the nameid-format
requested.
Optionally specify the name of the attribute, which will be used to map the user
in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
.
Body
required
Metadata of the SAML identity provider.
Url to the metadata of the SAML identity provider.
Possible values: [SAML_BINDING_UNSPECIFIED
, SAML_BINDING_POST
, SAML_BINDING_REDIRECT
, SAML_BINDING_ARTIFACT
]
Default value: SAML_BINDING_UNSPECIFIED
Binding which defines the type of communication with the identity provider.
Boolean which defines if the authentication requests are signed.
providerOptions
object
Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.
Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.
Enable if a new account in ZITADEL should be created automatically when login with an external account.
Enable if a the ZITADEL account fields should be updated automatically on each login.
Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED
, AUTO_LINKING_OPTION_USERNAME
, AUTO_LINKING_OPTION_EMAIL
]
Default value: AUTO_LINKING_OPTION_UNSPECIFIED
Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.
Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED
, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS
, SAML_NAME_ID_FORMAT_PERSISTENT
, SAML_NAME_ID_FORMAT_TRANSIENT
]
Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED
Optionally specify the nameid-format
requested.
Optionally specify the name of the attribute, which will be used to map the user
in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
.
Responses​
- 200
- default
A successful response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-12-06T11:34:48.357Z",
"changeDate": "2024-12-06T11:34:48.357Z",
"resourceOwner": "69629023906488334"
},
"id": "string"
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-12-06T11:34:48.357Z",
"changeDate": "2024-12-06T11:34:48.357Z",
"resourceOwner": "69629023906488334"
},
"id": "string"
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-12-06T11:34:48.357Z",
"changeDate": "2024-12-06T11:34:48.357Z",
"resourceOwner": "69629023906488334"
},
"id": "string"
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}