
List Identity Providers

POST 

https://$CUSTOM-DOMAIN/management/v1/idps/templates/_search


Request

Header Parameters

    x-zitadel-orgid string

    The default is always the organization of the requesting user. To get or set a result of another organization, include this header. Make sure the user has permission to access the requested data.

Body required

    query object

    Object-unspecific list filters such as offset, limit and asc/desc.

    offset uint64
    Example: 0
    limit int64

    Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured, ZITADEL will throw an error. If no limit is present, the default is taken.

    Example: 100
    asc boolean

    default is descending

    queries object[]
  • Array [
  • idpIdQuery object
    id string
    Example: 69629023906488334
    idpNameQuery object
    name string
    Example: google
    method string

    defines which text equality method is used

    Possible values: [TEXT_QUERY_METHOD_EQUALS, TEXT_QUERY_METHOD_EQUALS_IGNORE_CASE, TEXT_QUERY_METHOD_STARTS_WITH, TEXT_QUERY_METHOD_STARTS_WITH_IGNORE_CASE, TEXT_QUERY_METHOD_CONTAINS, TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE, TEXT_QUERY_METHOD_ENDS_WITH, TEXT_QUERY_METHOD_ENDS_WITH_IGNORE_CASE]

    Default value: TEXT_QUERY_METHOD_EQUALS
    ownerTypeQuery object
    ownerType string

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by the organization administrators

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED
  • ]

Responses

A successful response.

Schema
    details object
    totalResult uint64
    Example: 2
    processedSequence uint64
    Example: 267831
    viewTimestamp date-time

    the last time the view got updated

    result object[]
  • Array [
  • id string
    Example: 69629023906488334
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    Example: 2
    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner string

    resource_owner is the organization an object belongs to

    Example: 69629023906488334
    state string

    Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE]

    Default value: IDP_STATE_UNSPECIFIED
    name string
    Example: Google
    owner string

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by the organization administrators

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED
    type string

    Possible values: [PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_OIDC, PROVIDER_TYPE_JWT, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_OAUTH, PROVIDER_TYPE_AZURE_AD, PROVIDER_TYPE_GITHUB, PROVIDER_TYPE_GITHUB_ES, PROVIDER_TYPE_GITLAB, PROVIDER_TYPE_GITLAB_SELF_HOSTED, PROVIDER_TYPE_GOOGLE, PROVIDER_TYPE_APPLE, PROVIDER_TYPE_SAML]

    Default value: PROVIDER_TYPE_UNSPECIFIED
    config object
    options object
    isLinkingAllowed boolean

    Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

    isCreationAllowed boolean

    Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when logging in with an external account.

    isAutoUpdate boolean

    Enable if the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED
    ldap object
    servers string[]
    startTls boolean
    baseDn string
    bindDn string
    userBase string
    userObjectClasses string[]
    userFilters string[]
    timeout string
    attributes object
    idAttribute string
    firstNameAttribute string
    lastNameAttribute string
    displayNameAttribute string
    nickNameAttribute string
    preferredUsernameAttribute string
    emailAttribute string
    emailVerifiedAttribute string
    phoneAttribute string
    phoneVerifiedAttribute string
    preferredLanguageAttribute string
    avatarUrlAttribute string
    profileAttribute string
    rootCa byte
    google object
    clientId string

    client id of the Google application

    Example: client-id
    scopes string[]

    the scopes requested by ZITADEL during the request to Google

    Example: ["openid","profile","email"]
    oauth object
    clientId string

    client id generated by the identity provider

    Example: client-id
    authorizationEndpoint string

    the endpoint where ZITADEL sends the user to authenticate

    Example: https://accounts.google.com/o/oauth2/v2/auth
    tokenEndpoint string

    the endpoint where ZITADEL can get the token

    Example: https://oauth2.googleapis.com/token
    userEndpoint string

    the endpoint where ZITADEL can get the user information

    Example: https://openidconnect.googleapis.com/v1/userinfo
    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    Example: ["openid","profile","email"]
    idAttribute string

    the name of the attribute from which ZITADEL can get the id of the user

    Example: user_id
    usePkce boolean

    Defines if the Proof Key for Code Exchange (PKCE) is used for the authorization code flow.

    oidc object
    issuer string

    the OIDC issuer of the identity provider

    Example: https://accounts.google.com/
    clientId string

    client id generated by the identity provider

    Example: client-id
    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    Example: ["openid","profile","email"]
    isIdTokenMapping boolean

    if true, provider information gets mapped from the id token, not from the userinfo endpoint

    Example: true
    usePkce boolean

    Defines if the Proof Key for Code Exchange (PKCE) is used for the authorization code flow.

    Example: true
    jwt object
    jwtEndpoint string

    the endpoint where the JWT can be extracted

    Example: https://accounts.google.com
    issuer string

    the issuer of the JWT (for validation)

    Example: https://accounts.google.com
    keysEndpoint string

    the endpoint of the key (JWK) which is used to sign the JWT

    Example: https://accounts.google.com/keys
    headerName string

    the name of the header where the JWT is sent in, default is authorization

    Example: x-auth-token
    github object
    clientId string

    the client ID of the GitHub App

    Example: client-id
    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    Example: ["openid","profile","email"]
    githubEs object
    clientId string

    the client ID of the GitHub App

    Example: client-id
    authorizationEndpoint string
    tokenEndpoint string
    userEndpoint string
    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    Example: ["openid","profile","email"]
    gitlab object
    clientId string

    client id of the GitLab application

    Example: client-id
    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    Example: ["openid","profile","email"]
    gitlabSelfHosted object
    issuer string
    clientId string

    client id of the GitLab application

    Example: client-id
    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    Example: ["openid","profile","email"]
    azureAd object
    clientId string

    client id of the Azure AD application

    Example: client-id
    tenant object

    Defines which user accounts should be able to log in (Personal, Organizational, All)

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON
    tenantId string
    emailVerified boolean

    Azure AD doesn't send whether the email has been verified. Enable this if the user email should always be added as verified in ZITADEL (no verification emails will be sent).

    scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

    Example: ["openid","profile","email","User.Read"]
    apple object
    clientId string

    Client id (App ID or Service ID) provided by Apple

    Example: com.client.id
    teamId string

    Team ID provided by Apple

    Example: ALT03JV3OS
    keyId string

    ID of the private key generated by Apple

    Example: OGKDK25KD
    scopes string[]

    the scopes requested by ZITADEL during the request to Apple

    Example: ["name","email"]
    saml object
    metadataXml byte

    Metadata of the SAML identity provider.

    binding string

    Binding which defines the type of communication with the identity provider.

    Possible values: [SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT]

    Default value: SAML_BINDING_UNSPECIFIED
    withSignedRequest boolean

    Boolean which defines if the authentication requests are signed.

    nameIdFormat string

    nameid-format for the SAML Request.

    Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS, SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_TRANSIENT]

    Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED
    transientMappingAttributeName string

    Optional name of the attribute, which will be used to map the user in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

    federatedLogoutEnabled boolean

    Boolean which defines whether federated logout is enabled. If enabled, ZITADEL will send a logout request to the identity provider if the user terminates the session in ZITADEL. Be sure to provide an SLO endpoint as part of the metadata.

  • ]
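
An added example, not part of the ZITADEL documentation: a Python sketch that reviews a response of this shape for identity-provider settings a security reviewer would want to look at. The sample response is constructed, the choice of what to flag is this example's own policy, and the `ldaps://` server scheme and the reading of absent booleans as false are assumptions.

```python
import json

# Constructed sample in the shape of the response schema above (not real data).
SAMPLE_RESPONSE = json.loads("""
{"details": {"totalResult": "4"},
 "result": [
  {"id": "1001", "name": "corp-oidc", "state": "IDP_STATE_ACTIVE",
   "type": "PROVIDER_TYPE_OIDC",
   "config": {"options": {"autoLinking": "AUTO_LINKING_OPTION_USERNAME"},
              "oidc": {"issuer": "https://idp.example.test/", "usePkce": true}}},
  {"id": "1002", "name": "legacy-oauth", "state": "IDP_STATE_ACTIVE",
   "type": "PROVIDER_TYPE_OAUTH",
   "config": {"options": {}, "oauth": {"clientId": "client-id"}}},
  {"id": "1003", "name": "azure", "state": "IDP_STATE_ACTIVE",
   "type": "PROVIDER_TYPE_AZURE_AD",
   "config": {"options": {"autoLinking": "AUTO_LINKING_OPTION_EMAIL"},
              "azureAd": {"emailVerified": true}}},
  {"id": "1004", "name": "old-ldap", "state": "IDP_STATE_INACTIVE",
   "type": "PROVIDER_TYPE_LDAP",
   "config": {"ldap": {"servers": ["ldap://dir.example.test"], "startTls": false}}}
 ]}
""")

def audit_idps(response, include_inactive=False):
    """Return (idp id, name, finding) tuples for settings worth a review."""
    findings = []
    for idp in response.get("result", []):
        if idp.get("state") != "IDP_STATE_ACTIVE" and not include_inactive:
            continue
        cfg = idp.get("config", {})
        opts = cfg.get("options", {})
        def flag(msg):
            findings.append((idp.get("id"), idp.get("name"), msg))
        # Absent booleans are read as false (assumption about the JSON encoding).
        for kind in ("oauth", "oidc"):
            if kind in cfg and not cfg[kind].get("usePkce", False):
                flag(f"{kind}: usePkce is off")
        ldap = cfg.get("ldap")
        if ldap and not ldap.get("startTls", False) and any(
                not s.startswith("ldaps://") for s in ldap.get("servers", [])):
            flag("ldap: startTls is off for a non-ldaps server")
        saml = cfg.get("saml")
        if saml and not saml.get("withSignedRequest", False):
            flag("saml: authentication requests are not signed")
        azure = cfg.get("azureAd")
        if (azure and azure.get("emailVerified", False)
                and opts.get("autoLinking") == "AUTO_LINKING_OPTION_EMAIL"):
            flag("azureAd: email forced verified while autoLinking matches on email")
    return findings
```

Page through large result sets with `offset` and `limit` from the request body and run the audit on each page.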

Authorization: oauth2

name: OAuth2
type: oauth2
scopes: openid, urn:zitadel:iam:org:project:id:zitadel:aud
flows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Example request body
{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  },
  "queries": [
    {
      "idpIdQuery": {
        "id": "69629023906488334"
      },
      "idpNameQuery": {
        "name": "google",
        "method": "TEXT_QUERY_METHOD_EQUALS"
      },
      "ownerTypeQuery": {
        "ownerType": "IDP_OWNER_TYPE_UNSPECIFIED"
      }
    }
  ]
}