List Identity Providers

Header Parameters
    x-zitadel-orgid string

    The default is always the organization of the requesting user. To get or set a result for another organization, include this header. Make sure the user has permission to access the requested data.

Request Body required
    query object

    Object-unspecific list filters such as offset, limit and asc/desc.

    offset uint64
    limit int64

    Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the configured maximum, ZITADEL will throw an error. If no limit is present, the default is taken.

    asc boolean

    default is descending

    queries object[]
  • Array [
  • idpIdQuery object
    id string
    idpNameQuery object
    name string
    method string

    Possible values: [TEXT_QUERY_METHOD_EQUALS, TEXT_QUERY_METHOD_EQUALS_IGNORE_CASE, TEXT_QUERY_METHOD_STARTS_WITH, TEXT_QUERY_METHOD_STARTS_WITH_IGNORE_CASE, TEXT_QUERY_METHOD_CONTAINS, TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE, TEXT_QUERY_METHOD_ENDS_WITH, TEXT_QUERY_METHOD_ENDS_WITH_IGNORE_CASE]

    Default value: TEXT_QUERY_METHOD_EQUALS

    defines which text equality method is used

    ownerTypeQuery object
    ownerType string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by the organization administrators
  • ]
Responses

A successful response.


Schema
    details object
    totalResult uint64
    processedSequence uint64
    viewTimestamp date-time

    the last time the view got updated

    result object[]
  • Array [
  • id string
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner

    resource_owner is the organization an object belongs to
    state string

    Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE]

    Default value: IDP_STATE_UNSPECIFIED

    name string
    owner string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by the organization administrators
    type string

    Possible values: [PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_OIDC, PROVIDER_TYPE_JWT, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_OAUTH, PROVIDER_TYPE_AZURE_AD, PROVIDER_TYPE_GITHUB, PROVIDER_TYPE_GITHUB_ES, PROVIDER_TYPE_GITLAB, PROVIDER_TYPE_GITLAB_SELF_HOSTED, PROVIDER_TYPE_GOOGLE, PROVIDER_TYPE_APPLE, PROVIDER_TYPE_SAML]

    Default value: PROVIDER_TYPE_UNSPECIFIED

    config object
    options object
    isLinkingAllowed boolean

    Enable if users should be able to link an existing ZITADEL user with an external account.

    isCreationAllowed boolean

    Enable if users should be able to create a new account in ZITADEL when using an external account.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when logging in with an external account.

    isAutoUpdate boolean

    Enable if the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

    ldap object
    servers string[]
    startTls boolean
    baseDn string
    bindDn string
    userBase string
    userObjectClasses string[]
    userFilters string[]
    timeout string
    attributes object
    idAttribute string
    firstNameAttribute string
    lastNameAttribute string
    displayNameAttribute string
    nickNameAttribute string
    preferredUsernameAttribute string
    emailAttribute string
    emailVerifiedAttribute string
    phoneAttribute string
    phoneVerifiedAttribute string
    preferredLanguageAttribute string
    avatarUrlAttribute string
    profileAttribute string
    google object
    clientId string

    client id of the Google application

    scopes string[]

    the scopes requested by ZITADEL during the request to Google

    oauth object
    clientId string

    client id generated by the identity provider

    authorizationEndpoint string

    the endpoint where ZITADEL sends the user to authenticate

    tokenEndpoint string

    the endpoint where ZITADEL can get the token

    userEndpoint string

    the endpoint where ZITADEL can get the user information

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    idAttribute string

    defines the name of the attribute from which ZITADEL can get the id of the user

    oidc object
    issuer string

    the OIDC issuer of the identity provider

    clientId string

    client id generated by the identity provider

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    isIdTokenMapping boolean

    if true, provider information gets mapped from the id token, not from the userinfo endpoint

    jwt object
    jwtEndpoint string

    the endpoint where the JWT can be extracted

    issuer string

    the issuer of the JWT (for validation)

    keysEndpoint string

    the endpoint of the key (JWK) that is used to sign the JWT

    headerName string

    the name of the header where the JWT is sent in, default is authorization

    github object
    clientId string

    the client ID of the GitHub App

    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    githubEs object
    clientId string

    the client ID of the GitHub App

    authorizationEndpoint string
    tokenEndpoint string
    userEndpoint string
    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    gitlab object
    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    gitlabSelfHosted object
    issuer string
    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    azureAd object
    clientId string

    client id of the Azure AD application

    tenant object

    Defines which user accounts should be able to log in (Personal, Organizational, All)

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

    tenantId string
    emailVerified boolean

    Azure AD doesn't send whether the email has been verified. Enable this if the user email should always be added as verified in ZITADEL (no verification emails will be sent).

    scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

    apple object
    clientId string

    Client id (App ID or Service ID) provided by Apple

    teamId string

    Team ID provided by Apple

    keyId string

    ID of the private key generated by Apple

    scopes string[]

    the scopes requested by ZITADEL during the request to Apple

    saml object
    metadataXml byte

    Metadata of the SAML identity provider.

    binding string

    Possible values: [SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT]

    Default value: SAML_BINDING_UNSPECIFIED

    Binding which defines the type of communication with the identity provider.

    withSignedRequest boolean

    Boolean which defines if the authentication requests are signed.

    nameIdFormat string

    Possible values: [SAML_NAME_ID_FORMAT_UNSPECIFIED, SAML_NAME_ID_FORMAT_EMAIL_ADDRESS, SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_TRANSIENT]

    Default value: SAML_NAME_ID_FORMAT_UNSPECIFIED

    nameid-format for the SAML Request.

    transientMappingAttributeName string

    Optional name of the attribute, which will be used to map the user in case the nameid-format returned is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

  • ]
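An added example, not part of the ZITADEL documentation: a read-only audit over a response of this call that flags identity provider settings worth a manual review, using the field names from the schema above. The sample response is constructed, the function name `audit_idps` is hypothetical, and the code assumes that `servers` entries are URLs with a scheme and that unset booleans may be missing from the JSON.

```python
import json

# Constructed sample response (not real data); field names follow the schema above.
SAMPLE_RESPONSE = json.loads("""
{"result": [
  {"id": "idp-1", "state": "IDP_STATE_ACTIVE", "type": "PROVIDER_TYPE_AZURE_AD",
   "config": {"options": {"isAutoCreation": true,
                          "autoLinking": "AUTO_LINKING_OPTION_EMAIL"},
              "azureAd": {"emailVerified": true}}},
  {"id": "idp-2", "state": "IDP_STATE_ACTIVE", "type": "PROVIDER_TYPE_LDAP",
   "config": {"options": {}, "ldap": {"servers": ["ldap://dc.example.test:389"]}}},
  {"id": "idp-3", "state": "IDP_STATE_INACTIVE", "type": "PROVIDER_TYPE_SAML",
   "config": {"options": {}, "saml": {"binding": "SAML_BINDING_POST"}}}
]}
""")


def audit_idps(response, include_inactive=False):
    """Return (idp id, finding) tuples for settings that deserve a manual review."""
    findings = []
    for idp in response.get("result", []):
        if idp.get("state") != "IDP_STATE_ACTIVE" and not include_inactive:
            continue
        cfg = idp.get("config", {})
        opts = cfg.get("options", {})
        linking = opts.get("autoLinking", "AUTO_LINKING_OPTION_UNSPECIFIED")
        azure, ldap, saml = cfg.get("azureAd"), cfg.get("ldap"), cfg.get("saml")
        # emailVerified makes ZITADEL store the address as verified although
        # Azure AD does not report verification; linking on it relies on that.
        if azure and azure.get("emailVerified") and linking == "AUTO_LINKING_OPTION_EMAIL":
            findings.append((idp["id"], "unproven verified email used for auto-linking"))
        if opts.get("isAutoCreation"):
            findings.append((idp["id"], "accounts are created automatically on external login"))
        # Assumption: a server URL starting with ldaps:// already uses TLS.
        if ldap and not ldap.get("startTls") and not all(
                s.startswith("ldaps://") for s in ldap.get("servers", [])):
            findings.append((idp["id"], "LDAP without StartTLS or ldaps://"))
        if saml and not saml.get("withSignedRequest"):
            findings.append((idp["id"], "SAML authentication requests are not signed"))
    return findings


if __name__ == "__main__":
    for idp_id, finding in audit_idps(SAMPLE_RESPONSE):
        print(f"{idp_id}: {finding}")
```
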