POST /api/identity-providers
Create identity provider
curl --request POST \
  --url https://api.example.com/api/identity-providers \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "oidc",
  "enabled": true,
  "known_provider": "okta",
  "oidc_config": {
    "authorization_url": "<string>",
    "token_url": "<string>",
    "client_id": "<string>",
    "client_secret": "<string>",
    "user_info_url": "<string>",
    "issuer": "<string>",
    "default_scope": "openid email profile",
    "sync_mode": "INHERIT",
    "validate_signature": true,
    "use_jwks_url": true,
    "pkce_enabled": false,
    "pkce_method": "S256"
  },
  "saml_config": {
    "single_sign_on_service_url": "<string>",
    "single_logout_service_url": "<string>",
    "name_id_policy_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "signing_certificate": "<string>",
    "want_authn_requests_signed": true,
    "post_binding_authn_request": true,
    "post_binding_response": true,
    "sync_mode": "INHERIT"
  },
  "mappers": [
    {
      "name": "<string>",
      "identity_provider_mapper": "<string>",
      "id": "<string>",
      "config": {}
    }
  ]
}
'
{
  "alias": "<string>",
  "display_name": "<string>",
  "provider_id": "<string>",
  "enabled": true,
  "internal_id": "<string>",
  "known_provider": "<string>",
  "config": {},
  "mapper_count": 0
}

Authorizations

Authorization · string · header · required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

Request to create an identity provider.

alias · string · required

Unique alias (URL-safe, lowercase)

display_name · string · required

Human-readable display name

provider_id · enum<string> · required

Protocol type: oidc or saml

Available options: oidc, saml

enabled · boolean · default: true

Whether the IdP is active

known_provider · enum<string> | null

Known provider this config is based on

Available options: okta, entra_id, auth0, google, github, ping_identity, onelogin, custom_oidc, custom_saml

oidc_config · OidcConfig · object

OIDC config (required when provider_id=oidc)

saml_config · SamlConfig · object

SAML config (required when provider_id=saml)

mappers · IdpMapperConfig · object[]

Claim/attribute mappers
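
A pre-flight check for the request body described above, as an added example that is not part of the original API reference or the project's own code. It enforces the stated rules (alias format, provider_id options, the config object matching provider_id) and flags settings a reviewer would question before the request is sent; the function name lint_idp_request, the alias pattern, the reading of the boolean switches and the sample values are assumptions.

```python
import re

# Assumption: "URL-safe, lowercase" read as lowercase letters, digits, "-" and "_".
ALIAS_RE = re.compile(r"^[a-z0-9][a-z0-9_-]*$")
PROTOCOLS = {"oidc": "oidc_config", "saml": "saml_config"}
# Endpoint fields from the request schema that should not use plain HTTP.
URL_FIELDS = ("authorization_url", "token_url", "user_info_url",
              "single_sign_on_service_url", "single_logout_service_url")
# Security switches from the schema; their meaning is inferred from the names.
WEAK_IF_FALSE = {"oidc": ("validate_signature", "pkce_enabled"),
                 "saml": ("want_authn_requests_signed",)}


def lint_idp_request(body):
    """Return (errors, warnings) for a create-identity-provider request body."""
    errors, warnings = [], []
    if not ALIAS_RE.match(body.get("alias") or ""):
        errors.append("alias must be URL-safe and lowercase")
    if not body.get("display_name"):
        errors.append("display_name is required")
    proto = body.get("provider_id")
    if proto not in PROTOCOLS:
        errors.append("provider_id must be oidc or saml")
        return errors, warnings
    key = PROTOCOLS[proto]
    cfg = body.get(key)
    if not isinstance(cfg, dict):
        errors.append(f"{key} is required when provider_id={proto}")
        return errors, warnings
    other = PROTOCOLS["saml" if proto == "oidc" else "oidc"]
    if body.get(other) is not None:
        warnings.append(f"{other} is set but provider_id={proto}")
    for field in URL_FIELDS:
        value = cfg.get(field)
        if isinstance(value, str) and not value.startswith("https://"):
            warnings.append(f"{key}.{field} is not an https:// URL")
    for flag in WEAK_IF_FALSE[proto]:
        if cfg.get(flag) is False:
            warnings.append(f"{key}.{flag} is false")
    return errors, warnings


# Constructed sample: an OIDC-only body with two settings worth a second look.
SAMPLE = {"alias": "corp-okta", "display_name": "Corp Okta", "provider_id": "oidc",
          "oidc_config": {"authorization_url": "https://idp.example.com/authorize",
                          "token_url": "http://idp.example.com/token",
                          "validate_signature": True, "pkce_enabled": False}}
```

Errors mean the body breaks a rule stated in this reference; warnings are review prompts and do not imply the API would reject the request.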

Response

Identity provider created

Response for a single identity provider.

alias · string · required

display_name · string · required

provider_id · string · required

enabled · boolean · required

internal_id · string | null

known_provider · string | null

config · Config · object

Provider configuration (secrets masked)

mapper_count · integer · default: 0

Number of configured mappers