Skip to main content

Get Identity Provider By ID

GET 
/idps/templates/:id

Get Identity Provider By ID

Request​

Path Parameters

    id stringrequired

Header Parameters

    x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

Responses​

A successful response.

Schema

    idp

    object

    id string

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to (string)
    state string

    Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE]

    Default value: IDP_STATE_UNSPECIFIED

    name string
    owner string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
    type string

    Possible values: [PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_OIDC, PROVIDER_TYPE_JWT, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_OAUTH, PROVIDER_TYPE_AZURE_AD, PROVIDER_TYPE_GITHUB, PROVIDER_TYPE_GITHUB_ES, PROVIDER_TYPE_GITLAB, PROVIDER_TYPE_GITLAB_SELF_HOSTED, PROVIDER_TYPE_GOOGLE, PROVIDER_TYPE_APPLE, PROVIDER_TYPE_SAML]

    Default value: PROVIDER_TYPE_UNSPECIFIED

    config

    object

    options

    object

    isLinkingAllowed boolean

    Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

    isCreationAllowed boolean

    Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when login with an external account.

    isAutoUpdate boolean

    Enable if a the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

    ldap

    object

    servers string[]
    startTls boolean
    baseDn string
    bindDn string
    userBase string
    userObjectClasses string[]
    userFilters string[]
    timeout string

    attributes

    object

    idAttribute string
    firstNameAttribute string
    lastNameAttribute string
    displayNameAttribute string
    nickNameAttribute string
    preferredUsernameAttribute string
    emailAttribute string
    emailVerifiedAttribute string
    phoneAttribute string
    phoneVerifiedAttribute string
    preferredLanguageAttribute string
    avatarUrlAttribute string
    profileAttribute string
    rootCa byte

    google

    object

    clientId string

    client id of the Google application

    scopes string[]

    the scopes requested by ZITADEL during the request to Google

    oauth

    object

    clientId string

    client id generated by the identity provider

    authorizationEndpoint string

    the endpoint where ZITADEL send the user to authenticate

    tokenEndpoint string

    the endpoint where ZITADEL can get the token

    userEndpoint string

    the endpoint where ZITADEL can get the user information

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    idAttribute string

    defines how the attribute is called where ZITADEL can get the id of the user

    usePkce boolean

    Defines if the Proof Key for Code Exchange (PKCE) is used for the authorization code flow.

    oidc

    object

    issuer string

    the OIDC issuer of the identity provider

    clientId string

    client id generated by the identity provider

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    isIdTokenMapping boolean

    if true, provider information get mapped from the id token, not from the userinfo endpoint

    usePkce boolean

    Defines if the Proof Key for Code Exchange (PKCE) is used for the authorization code flow.

    jwt

    object

    jwtEndpoint string

    the endpoint where the JWT can be extracted

    issuer string

    the issuer of the JWT (for validation)

    keysEndpoint string

    the endpoint to the key (JWK) which is used to sign the JWT with

    headerName string

    the name of the header where the JWT is sent in, default is authorization

    github

    object

    clientId string

    the client ID of the GitHub App

    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    githubEs

    object

    clientId string

    the client ID of the GitHub App

    authorizationEndpoint string
    tokenEndpoint string
    userEndpoint string
    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    gitlab

    object

    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    gitlabSelfHosted

    object

    issuer string
    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    azureAd

    object

    clientId string

    client id of the Azure AD application

    tenant

    object

    Defines what user accounts should be able to login (Personal, Organizational, All)

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

    tenantId string
    emailVerified boolean

    Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)

    scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

    apple

    object

    clientId string

    Client id (App ID or Service ID) provided by Apple

    teamId string

    Team ID provided by Apple

    keyId string

    ID of the private key generated by Apple

    scopes string[]

    the scopes requested by ZITADEL during the request to Apple

    saml

    object

    metadataXml byte

    Metadata of the SAML identity provider.

    binding string

    Possible values: [SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT]

    Default value: SAML_BINDING_UNSPECIFIED

    Binding which defines the type of communication with the identity provider.

    withSignedRequest boolean

    Boolean which defines if the authentication requests are signed.

    nameIdFormat string

    Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS, SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_TRANSIENT]

    Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED

    nameid-format for the SAML Request.

    transientMappingAttributeName string

    Optional name of the attribute, which will be used to map the user in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

    federatedLogoutEnabled boolean

    Boolean weather federated logout is enabled. If enabled, ZITADEL will send a logout request to the identity provider, if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.

Loading...