Configure IDP
Create Identity Provider configuration (OIDC, SAML, or LDAP)
Creates a new Identity Provider configuration supporting OIDC, SAML, or LDAP BIND protocols. Supports JIT, SCIM, or LDAP provisioning types.
Request
URI
POST
https://{api_host}/suite-api/api/fleet-management/iam/identity-providers
COPY
Request Body
Identity Provider Configuration object.
FederatedIdentityProvider
of type(s)
application/json
Required
Show optional properties
{
"idpProtocol": "string",
"idpType": "string",
"name": "string",
"provisionType": "string",
"ssoRealmId": "string"
}{
"certificateChain": [
"string"
],
"createdAt": 0,
"directories": [
{
"defaultDomain": "string",
"domains": [
"string"
],
"id": "string",
"name": "string"
}
],
"id": "string",
"idpConfig": {
"oidcConfiguration": {
"clientId": "string",
"clientSecret": "string",
"discoveryEndpoint": "string",
"internalUserIdentifierAttribute": "string",
"openIdUserIdentifierAttribute": "string"
},
"samlConfiguration": {
"authenticationContext": "string",
"metadataSourceType": "string",
"metadataUrl": "string",
"metadataXml": "string",
"nameIdAttributeMappings": [
{
"idpAttribute": "string",
"vidbAttribute": "string"
}
],
"nameIdFormatType": "string"
}
},
"idpProtocol": "string",
"idpType": "string",
"name": "string",
"provisionType": "string",
"provisioningConfig": {
"jitConfiguration": {
"jitProvisioningGroups": [
{
"domain": "string",
"groupNames": [
"string"
]
}
],
"oidcJitConfiguration": {
"internalUserIdentifierAttribute": "string",
"openIdUserIdentifierAttribute": "string",
"userAttributeMappings": [
{
"attributeName": "string",
"directoryName": "string"
}
]
},
"samlJitConfiguration": {
"groupMembershipAttribute": "string",
"passthroughClaimNames": [
"string"
]
}
},
"ldapConfigurations": [
{
"domains": [
"string"
],
"ldapBindConfiguration": {
"baseDn": "string",
"bindDn": "string",
"bindDnPassword": "string",
"communicationMode": "string",
"directorySearchAttribute": "string",
"dnsLookupCertificateChain": [
"string"
],
"domainChanged": false,
"openLdapConfiguration": {
"bindUserFilterQuery": "string",
"directorySearchGroupAttribute": "string",
"directorySearchUserAttribute": "string",
"groupsFilterQuery": "string",
"membershipAttribute": "string",
"objectUuidAttribute": "string",
"uniquelyIdentifiableAttributeForGroup": "string",
"uniquelyIdentifiableAttributeForUser": "string",
"userMembershipsFilterQuery": "string",
"usersFilterQuery": "string"
},
"primaryDomainController": {
"certificate": "string",
"certificateName": "string",
"host": "string",
"port": 0,
"protocol": "string"
},
"secondaryDomainController": {
"certificate": "string",
"certificateName": "string",
"host": "string",
"port": 0,
"protocol": "string"
},
"type": "string"
},
"ldapConfigurationId": "string",
"name": "string"
}
]
},
"ssoRealmId": "string",
"updatedAt": 0
}
array of
string
certificateChain
Optional
List of certificate chain
integer As int64
As int64
createdAt
Optional
IDP creation timestamp
array of
object
directories
Optional
Constraints:
minItems: 0
maxItems: 1
IDP directory. Currently, only one directory is supported as part of IDP configuration.
string As uuid
As uuid
id
Optional
Identity Provider Id
object
idpConfig
Optional
IDP Configuration Details
string
idpProtocol
Required
Indicates IDP Protocol.
Possible values are :
OIDC,
SAML,
LDAP_BIND,
UNKNOWN,
string
idpType
Required
Indicates IDP type
Possible values are :
OKTA,
PING,
ENTRA_ID,
SYMANTEC_IDSP,
ADFS,
ADLDAP,
OPENLDAP,
OTHER,
UNKNOWN,
string
name
Required
Constraints:
minLength: 1
Identity Provider name
string
provisionType
Required
Indicates provision type for the given IDP configuration
Possible values are :
JIT,
SCIM,
LDAP,
UNKNOWN,
object
provisioningConfig
Optional
User and Groups provisioning configuration
string As uuid
As uuid
ssoRealmId
Required
ID of the SSO Realm that has this Identity Provider configuration.
integer As int64
As int64
updatedAt
Optional
IDP last updated timestamp
Responses
201
IDP configuration object.
Returns
FederatedIdentityProvider
of type(s)
application/json
{
"certificateChain": [
"string"
],
"createdAt": 0,
"directories": [
{
"defaultDomain": "string",
"domains": [
"string"
],
"id": "string",
"name": "string"
}
],
"id": "string",
"idpConfig": {
"oidcConfiguration": {
"clientId": "string",
"clientSecret": "string",
"discoveryEndpoint": "string",
"internalUserIdentifierAttribute": "string",
"openIdUserIdentifierAttribute": "string"
},
"samlConfiguration": {
"authenticationContext": "string",
"metadataSourceType": "string",
"metadataUrl": "string",
"metadataXml": "string",
"nameIdAttributeMappings": [
{
"idpAttribute": "string",
"vidbAttribute": "string"
}
],
"nameIdFormatType": "string"
}
},
"idpProtocol": "string",
"idpType": "string",
"name": "string",
"provisionType": "string",
"provisioningConfig": {
"jitConfiguration": {
"jitProvisioningGroups": [
{
"domain": "string",
"groupNames": [
"string"
]
}
],
"oidcJitConfiguration": {
"internalUserIdentifierAttribute": "string",
"openIdUserIdentifierAttribute": "string",
"userAttributeMappings": [
{
"attributeName": "string",
"directoryName": "string"
}
]
},
"samlJitConfiguration": {
"groupMembershipAttribute": "string",
"passthroughClaimNames": [
"string"
]
}
},
"ldapConfigurations": [
{
"domains": [
"string"
],
"ldapBindConfiguration": {
"baseDn": "string",
"bindDn": "string",
"bindDnPassword": "string",
"communicationMode": "string",
"directorySearchAttribute": "string",
"dnsLookupCertificateChain": [
"string"
],
"domainChanged": false,
"openLdapConfiguration": {
"bindUserFilterQuery": "string",
"directorySearchGroupAttribute": "string",
"directorySearchUserAttribute": "string",
"groupsFilterQuery": "string",
"membershipAttribute": "string",
"objectUuidAttribute": "string",
"uniquelyIdentifiableAttributeForGroup": "string",
"uniquelyIdentifiableAttributeForUser": "string",
"userMembershipsFilterQuery": "string",
"usersFilterQuery": "string"
},
"primaryDomainController": {
"certificate": "string",
"certificateName": "string",
"host": "string",
"port": 0,
"protocol": "string"
},
"secondaryDomainController": {
"certificate": "string",
"certificateName": "string",
"host": "string",
"port": 0,
"protocol": "string"
},
"type": "string"
},
"ldapConfigurationId": "string",
"name": "string"
}
]
},
"ssoRealmId": "string",
"updatedAt": 0
}
array of
string
certificateChain
Optional
List of certificate chain
integer As int64
As int64
createdAt
Optional
IDP creation timestamp
array of
object
directories
Optional
Constraints:
minItems: 0
maxItems: 1
IDP directory. Currently, only one directory is supported as part of IDP configuration.
string As uuid
As uuid
id
Optional
Identity Provider Id
object
idpConfig
Optional
IDP Configuration Details
string
idpProtocol
Required
Indicates IDP Protocol.
Possible values are :
OIDC,
SAML,
LDAP_BIND,
UNKNOWN,
string
idpType
Required
Indicates IDP type
Possible values are :
OKTA,
PING,
ENTRA_ID,
SYMANTEC_IDSP,
ADFS,
ADLDAP,
OPENLDAP,
OTHER,
UNKNOWN,
string
name
Required
Constraints:
minLength: 1
Identity Provider name
string
provisionType
Required
Indicates provision type for the given IDP configuration
Possible values are :
JIT,
SCIM,
LDAP,
UNKNOWN,
object
provisioningConfig
Optional
User and Groups provisioning configuration
string As uuid
As uuid
ssoRealmId
Required
ID of the SSO Realm that has this Identity Provider configuration.
integer As int64
As int64
updatedAt
Optional
IDP last updated timestamp
Code Samples
COPY
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"idpProtocol":"string","idpType":"string","name":"string","provisionType":"string","ssoRealmId":"string"}' https://{api_host}/suite-api/api/fleet-management/iam/identity-providers
Iam Apis Operations
GET
Get Eligible Components
DELETE
Delete Iam Component Auth Source
POST
Create Iam Component Auth Source
POST
Get Iam Component Auth Sources
GET
Get Component Roles
POST
Provision Component Role
PUT
Update Component Role
GET
Get Component Role Summaries
DELETE
Delete Component Role
GET
Get Component Role
POST
Trigger Drift Check
POST
Retry Apply For Role
GET
Get Component Role Definitions
POST
Configure IDP
PUT
Update IDP Configuration
DELETE
Delete IDP Configuration
GET
Get IDP Configuration
GET
Get Scim Sync Client Info
POST
Generate Scim Sync Client
GET
Get Ldap Directories
POST
Lookup Ldap Groups
POST
Execute Ldap Sync
GET
Get Ldap Sync Logs
GET
Get Ldap Sync Log By Id
GET
Get Ldap Sync Profile
PUT
Update Ldap Sync Profile
POST
Lookup Ldap Users
GET
Get VCF Roles Paginated
POST
Create Role
PUT
Update Role Definition
DELETE
Delete Role
GET
Get Role
POST
Validate Saml Metadata
GET
Get Iam Settings
PUT
Update Iam Settings
GET
Get Sso Realm List
POST
Create Sso Realm
DELETE
Delete Sso Realm
GET
Get Sso Realm
PATCH
Update Api Client
POST
Create Api Client
POST
Query Api Clients
DELETE
Delete Api Client
GET
Get Api Client
PATCH
Update Api Token
POST
Generate Api Token
POST
Query Api Tokens
DELETE
Delete Api Token
GET
Get Api Token
POST
Re Generate Api Token
GET
List Emergency Clients
POST
Create Emergency Client
DELETE
Delete Emergency Client
GET
Get Emergency Client
POST
Regenerate Emergency Client
POST
Get Groups List
POST
Get Group Members List
GET
List O Auth Apps
POST
Create O Auth App
PUT
Update O Auth App
DELETE
Delete O Auth App
GET
Get O Auth App
POST
Rotate O Auth App Secret
DELETE
Delete Role Assignments
GET
Get Role Assignment
PUT
Update Role Assignment
POST
Get Users List
GET
Get Iam Task Details
GET
Get Eligible Vidbs
PATCH
Update Vidb Metadata