POST /api/identity-providers
Create identity provider
curl --request POST \
  --url https://api.example.com/api/identity-providers \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "oidc",
  "enabled": true,
  "oidc_config": {
    "authorization_url": "<string>",
    "token_url": "<string>",
    "client_id": "<string>",
    "client_secret": "<string>",
    "user_info_url": "<string>",
    "issuer": "<string>",
    "default_scope": "openid email profile",
    "sync_mode": "INHERIT",
    "validate_signature": true,
    "use_jwks_url": true,
    "pkce_enabled": false,
    "pkce_method": "S256"
  },
  "saml_config": {
    "single_sign_on_service_url": "<string>",
    "single_logout_service_url": "<string>",
    "name_id_policy_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "signing_certificate": "<string>",
    "want_authn_requests_signed": true,
    "post_binding_authn_request": true,
    "post_binding_response": true,
    "sync_mode": "INHERIT"
  },
  "ldap_config": {
    "connection_url": "<string>",
    "bind_dn": "<string>",
    "bind_credential": "<string>",
    "users_dn": "<string>",
    "users_filter": "<string>",
    "vendor": "ad",
    "username_ldap_attribute": "sAMAccountName",
    "rdn_ldap_attribute": "sAMAccountName",
    "uuid_ldap_attribute": "objectGUID",
    "user_object_classes": "person, organizationalPerson, user",
    "search_scope": "2",
    "edit_mode": "READ_ONLY",
    "use_truststore_spi": "always",
    "connection_timeout": 5000,
    "read_timeout": 10000,
    "pagination": true,
    "batch_size_for_sync": 1000,
    "full_sync_period": 604800,
    "changed_sync_period": 86400,
    "sync_registrations": false,
    "import_enabled": true,
    "trust_email": true
  },
  "mappers": [
    {
      "name": "<string>",
      "identity_provider_mapper": "<string>",
      "id": "<string>",
      "config": {}
    }
  ]
}
'
{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "<string>",
  "enabled": true,
  "internal_id": "<string>",
  "config": {},
  "mapper_count": 0
}

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

Request to create an identity provider.

alias
string
required

Unique alias. Ensure it's URL-safe and in lowercase.

display_name
string
required

Human-readable display name

provider_id
enum<string>
required

Protocol type.

Available options: oidc, saml, ldap

enabled
boolean
default:true

Whether the IdP is active

known_provider
enum<string> | null

Known provider this config is based on.

Available options: okta, entra_id, auth0, google, github, ping_identity, onelogin, custom_oidc, custom_saml, active_directory

oidc_config
OidcConfig · object

OIDC config. Required when provider_id=oidc

saml_config
SamlConfig · object

SAML config. Required when provider_id=saml

ldap_config
LdapConfig · object

LDAP config. Required when provider_id=ldap

mappers
IdpMapperConfig · object[]

Claim/attribute mappers
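
An added example, not part of the NexusOne documentation or API: a pre-flight check for the request body that applies the rules stated above (required fields, alias format, the config block matching provider_id) and flags a few weak settings before the request is sent. The alias pattern and the meaning of validate_signature, pkce_enabled, want_authn_requests_signed and a plaintext ldap:// connection_url are assumptions inferred from the field names; check_idp_request and SAMPLE are hypothetical names.

```python
import re

# From the page: alias is URL-safe and lowercase; provider_id is oidc, saml or ldap;
# the matching *_config block is required for the chosen provider_id.
ALIAS_RE = re.compile(r"[a-z0-9][a-z0-9_-]*")  # assumed reading of "URL-safe and lowercase"
CONFIG_KEY = {"oidc": "oidc_config", "saml": "saml_config", "ldap": "ldap_config"}


def check_idp_request(body):
    """Return (errors, warnings) for a create-identity-provider request body."""
    errors, warnings = [], []
    for field in ("alias", "display_name", "provider_id"):
        if not body.get(field):
            errors.append(f"missing required field: {field}")
    alias = body.get("alias") or ""
    if alias and not ALIAS_RE.fullmatch(alias):
        errors.append("alias must be URL-safe and lowercase")
    provider = body.get("provider_id")
    wanted = CONFIG_KEY.get(provider)
    if provider and wanted is None:
        errors.append("provider_id must be oidc, saml or ldap")
    if wanted and not body.get(wanted):
        errors.append(f"{wanted} is required when provider_id={provider}")
    for key in CONFIG_KEY.values():
        if wanted and key != wanted and key in body:
            warnings.append(f"{key} is set but provider_id={provider}")
    cfg = (body.get(wanted) or {}) if wanted else {}
    # Hardening checks; the meaning of each flag is assumed from its name.
    if provider == "oidc":
        if cfg.get("validate_signature") is False:
            warnings.append("oidc_config.validate_signature is false")
        if not cfg.get("pkce_enabled"):
            warnings.append("oidc_config.pkce_enabled is not true")
        elif cfg.get("pkce_method") != "S256":
            warnings.append("oidc_config.pkce_method is not S256")
    if provider == "saml" and not cfg.get("want_authn_requests_signed"):
        warnings.append("saml_config.want_authn_requests_signed is not true")
    if provider == "ldap" and str(cfg.get("connection_url", "")).lower().startswith("ldap://"):
        warnings.append("ldap_config.connection_url uses plaintext ldap://")
    return errors, warnings


# Constructed sample body, shaped like the page's curl example (values are placeholders).
SAMPLE = {
    "alias": "Corp SSO", "display_name": "Corp SSO", "provider_id": "oidc",
    "oidc_config": {"client_id": "example-client", "validate_signature": True,
                    "pkce_enabled": False, "pkce_method": "S256"},
    "ldap_config": {"connection_url": "ldap://dc.example.internal"},
}
```

Errors are violations of rules the page states; warnings are review prompts, since the API may accept those values.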

Response

Identity provider created.

Response for a single identity provider.

alias
string
required

display_name
string
required

provider_id
string
required

enabled
boolean
required

internal_id
string | null

known_provider
enum<string> | null

Available options: okta, entra_id, auth0, google, github, ping_identity, onelogin, custom_oidc, custom_saml, active_directory

config
Config · object

Provider configuration. NexusOne masks the secrets.

mapper_count
integer
default:0

Number of configured mappers.