Create identity provider

POST /api/identity-providers
Example request (the required provider_id field is included; the placeholder secrets are stand-ins for values supplied at call time):

curl --request POST \
  --url https://api.example.com/api/identity-providers \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "oidc",
  "enabled": true,
  "oidc_config": {
    "authorization_url": "<string>",
    "token_url": "<string>",
    "client_id": "<string>",
    "client_secret": "<string>",
    "user_info_url": "<string>",
    "issuer": "<string>",
    "default_scope": "openid email profile",
    "sync_mode": "INHERIT",
    "validate_signature": true,
    "use_jwks_url": true,
    "pkce_enabled": false,
    "pkce_method": "S256"
  },
  "saml_config": {
    "single_sign_on_service_url": "<string>",
    "single_logout_service_url": "<string>",
    "name_id_policy_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "signing_certificate": "<string>",
    "want_authn_requests_signed": true,
    "post_binding_authn_request": true,
    "post_binding_response": true,
    "sync_mode": "INHERIT"
  },
  "ldap_config": {
    "connection_url": "<string>",
    "bind_dn": "<string>",
    "bind_credential": "<string>",
    "users_dn": "<string>",
    "users_filter": "<string>",
    "vendor": "ad",
    "username_ldap_attribute": "sAMAccountName",
    "rdn_ldap_attribute": "sAMAccountName",
    "uuid_ldap_attribute": "objectGUID",
    "user_object_classes": "person, organizationalPerson, user",
    "search_scope": "2",
    "edit_mode": "READ_ONLY",
    "use_truststore_spi": "always",
    "connection_timeout": 5000,
    "read_timeout": 10000,
    "pagination": true,
    "batch_size_for_sync": 1000,
    "full_sync_period": 604800,
    "changed_sync_period": 86400,
    "sync_registrations": false,
    "import_enabled": true,
    "trust_email": true
  },
  "mappers": [
    {
      "name": "<string>",
      "identity_provider_mapper": "<string>",
      "id": "<string>",
      "config": {}
    }
  ]
}
'
Example response:

{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "<string>",
  "enabled": true,
  "internal_id": "<string>",
  "config": {},
  "mapper_count": 0
}

Authorizations

Authorization  (string, header, required)
  The access token received from the authorization server in the OAuth 2.0 flow.

Body (application/json)

Request to create an identity provider.

alias  (string, required)
  Unique alias. Ensure it is URL-safe and lowercase.

display_name  (string, required)
  Human-readable display name.

provider_id  (enum<string>, required)
  Protocol type. Available options: oidc, saml, ldap.

enabled  (boolean, default: true)
  Whether the IdP is active.

known_provider  (enum<string> | null)
  Known provider preset for this configuration. Available options: okta, entra_id, auth0, google, github, ping_identity, onelogin, custom_oidc, custom_saml, active_directory.

oidc_config  (OidcConfig object | null)
  OIDC configuration. Required when provider_id=oidc.

saml_config  (SamlConfig object | null)
  SAML configuration. Required when provider_id=saml.

ldap_config  (LdapConfig object | null)
  LDAP configuration. Required when provider_id=ldap.

mappers  (IdpMapperConfig object[])
  Claim/attribute mappers.
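
The following client helper is an added example, not the NexusOne SDK or code from this page. It builds the request body for this endpoint while enforcing the rules the parameters above state (lowercase URL-safe alias, provider_id restricted to oidc/saml/ldap, the matching config object present, known_provider limited to the listed presets), masks the credential fields (client_secret, bind_credential) before anything is logged, and posts the body with the Authorization header from the curl sample. Assumptions: the base URL is the one from the page's curl sample; a request carries only the config object that matches provider_id (the page only says each config is required for its own provider_id); the exact alias character set is an assumption, since the page just says "URL-safe and lowercase"; sample values such as corp-okta and the example.com URLs are constructed.

```python
"""Build, validate and send a request to POST /api/identity-providers.

Added example; not the NexusOne SDK. The URL comes from the page's curl
sample, the alias character set is an assumption, and the body carries
only the config object matching provider_id (assumed; the page just says
each config is required for its own provider_id)."""
import json
import os
import re
import urllib.request

API_URL = "https://api.example.com/api/identity-providers"  # from the page's curl sample
PROVIDER_IDS = ("oidc", "saml", "ldap")
KNOWN_PROVIDERS = ("okta", "entra_id", "auth0", "google", "github", "ping_identity",
                   "onelogin", "custom_oidc", "custom_saml", "active_directory")
# "URL-safe and lowercase" per the page; the precise character set is an assumption.
ALIAS_RE = re.compile(r"^[a-z0-9](?:[a-z0-9._-]*[a-z0-9])?$")
# Credential fields named in the config objects on the page; never log them.
SECRET_FIELDS = frozenset({"client_secret", "bind_credential"})


def validate_alias(alias):
    """Reject aliases that are not URL-safe lowercase."""
    if not ALIAS_RE.match(alias):
        raise ValueError(f"alias must be URL-safe and lowercase: {alias!r}")
    return alias


def build_request(alias, display_name, provider_id, config, *,
                  known_provider=None, enabled=True, mappers=None):
    """Return the JSON body for the create call, enforcing the documented rules."""
    if provider_id not in PROVIDER_IDS:
        raise ValueError(f"provider_id must be one of {PROVIDER_IDS}, got {provider_id!r}")
    if known_provider is not None and known_provider not in KNOWN_PROVIDERS:
        raise ValueError(f"unknown known_provider {known_provider!r}")
    if not isinstance(config, dict) or not config:
        raise ValueError(f"{provider_id}_config is required when provider_id={provider_id}")
    body = {
        "alias": validate_alias(alias),
        "display_name": display_name,
        "provider_id": provider_id,
        "enabled": bool(enabled),
        f"{provider_id}_config": config,  # oidc_config / saml_config / ldap_config
        "mappers": list(mappers or []),
    }
    if known_provider is not None:
        body["known_provider"] = known_provider
    return body


def redact(body):
    """Deep copy of the body with credential fields masked, safe for logs and diffs."""
    def _mask(obj):
        if isinstance(obj, dict):
            return {k: ("***" if k in SECRET_FIELDS else _mask(v)) for k, v in obj.items()}
        if isinstance(obj, list):
            return [_mask(v) for v in obj]
        return obj
    return _mask(body)


def create_identity_provider(body, token, url=API_URL, opener=urllib.request.urlopen):
    """POST the body with a bearer token; `opener` is injectable for offline use."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with opener(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: the client secret is read from the environment, never from source.
    body = build_request(
        "corp-okta", "Corporate Okta", "oidc",
        {"authorization_url": "https://idp.example.com/authorize",
         "token_url": "https://idp.example.com/token",
         "client_id": "client-id-example",
         "client_secret": os.environ.get("IDP_CLIENT_SECRET", "<client_secret>"),
         "issuer": "https://idp.example.com", "default_scope": "openid email profile",
         "validate_signature": True, "use_jwks_url": True,
         "pkce_enabled": True, "pkce_method": "S256"},
        known_provider="okta",
    )
    print(json.dumps(redact(body), indent=2))  # secrets appear as "***"
```

Only the redacted copy is printed; the real body goes to create_identity_provider, which is the one place the secret leaves the process. The same masking mirrors what the response's config object does server-side, so diffs between what you sent and what came back never expose a credential.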

Response

Identity provider created.

Response for a single identity provider.

alias  (string, required)

display_name  (string, required)

provider_id  (string, required)

enabled  (boolean, required)

internal_id  (string | null)

known_provider  (enum<string> | null)
  Available options: okta, entra_id, auth0, google, github, ping_identity, onelogin, custom_oidc, custom_saml, active_directory.

config  (Config object)
  Provider configuration. NexusOne masks the secrets in this object.

mapper_count  (integer, default: 0)
  Number of configured mappers.