Skip to main content

Get Identity Provider By ID​

Get Identity Provider By ID

Path Parameters
    id string required
Responses

A successful response.

Schema
    idp object
    id string
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
    state string

    Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE]

    Default value: IDP_STATE_UNSPECIFIED

    name string
    owner string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
    type string

    Possible values: [PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_OIDC, PROVIDER_TYPE_JWT, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_OAUTH, PROVIDER_TYPE_AZURE_AD, PROVIDER_TYPE_GITHUB, PROVIDER_TYPE_GITHUB_ES, PROVIDER_TYPE_GITLAB, PROVIDER_TYPE_GITLAB_SELF_HOSTED, PROVIDER_TYPE_GOOGLE, PROVIDER_TYPE_APPLE, PROVIDER_TYPE_SAML]

    Default value: PROVIDER_TYPE_UNSPECIFIED

    config object
    options object
    isLinkingAllowed boolean

    Enable if users should be able to link an existing ZITADEL user with an external account.

    isCreationAllowed boolean

    Enable if users should be able to create a new account in ZITADEL when using an external account.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when login with an external account.

    isAutoUpdate boolean

    Enable if a the ZITADEL account fields should be updated automatically on each login.

    ldap object
    servers string[]
    startTls boolean
    baseDn string
    bindDn string
    userBase string
    userObjectClasses string[]
    userFilters string[]
    timeout string
    attributes object
    idAttribute string
    firstNameAttribute string
    lastNameAttribute string
    displayNameAttribute string
    nickNameAttribute string
    preferredUsernameAttribute string
    emailAttribute string
    emailVerifiedAttribute string
    phoneAttribute string
    phoneVerifiedAttribute string
    preferredLanguageAttribute string
    avatarUrlAttribute string
    profileAttribute string
    google object
    clientId string

    client id of the Google application

    scopes string[]

    the scopes requested by ZITADEL during the request to Google

    oauth object
    clientId string

    client id generated by the identity provider

    authorizationEndpoint string

    the endpoint where ZITADEL send the user to authenticate

    tokenEndpoint string

    the endpoint where ZITADEL can get the token

    userEndpoint string

    the endpoint where ZITADEL can get the user information

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    idAttribute string

    defines how the attribute is called where ZITADEL can get the id of the user

    oidc object
    issuer string

    the OIDC issuer of the identity provider

    clientId string

    client id generated by the identity provider

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    isIdTokenMapping boolean

    if true, provider information get mapped from the id token, not from the userinfo endpoint

    jwt object
    jwtEndpoint string

    the endpoint where the JWT can be extracted

    issuer string

    the issuer of the JWT (for validation)

    keysEndpoint string

    the endpoint to the key (JWK) which is used to sign the JWT with

    headerName string

    the name of the header where the JWT is sent in, default is authorization

    github object
    clientId string

    the client ID of the GitHub App

    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    githubEs object
    clientId string

    the client ID of the GitHub App

    authorizationEndpoint string
    tokenEndpoint string
    userEndpoint string
    scopes string[]

    the scopes requested by ZITADEL during the request to GitHub

    gitlab object
    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    gitlabSelfHosted object
    issuer string
    clientId string

    client id of the GitLab application

    scopes string[]

    the scopes requested by ZITADEL during the request to GitLab

    azureAd object
    clientId string

    client id of the Azure AD application

    tenant object

    Defines what user accounts should be able to login (Personal, Organizational, All)

    tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

    tenantId string
    emailVerified boolean

    Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)

    scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

    apple object
    clientId string

    Client id (App ID or Service ID) provided by Apple

    teamId string

    Team ID provided by Apple

    keyId string

    ID of the private key generated by Apple

    scopes string[]

    the scopes requested by ZITADEL during the request to Apple

    saml object
    metadataXml byte

    Metadata of the SAML identity provider

    binding string

    Possible values: [SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT]

    Default value: SAML_BINDING_UNSPECIFIED

    Binding which defines the type of communication with the identity provider

    withSignedRequest boolean

    Boolean which defines if the authentication requests are signed

GET /idps/templates/:id

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/admin/v1
Bearer Token
id — path required
Accept
curl / cURL
curl -L -X GET 'https://$CUSTOM-DOMAIN/admin/v1/idps/templates/:id' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'