SamlIdentityProviderParms
An SamlIdentityProviderParms defines the information passed to Identity as a Service when creating or modifying an external SAML identity provider for use with user authentication or user verification.
Properties
| Name | Type | Description | Notes |
|---|---|---|---|
| AcrValues | string | The space separated list of authentication context request values to request as part of the external SAML identity provider user authentication or user verification request. | [optional] |
| AcsUrl | string | The assertion consumer service URL provided to the external SAML identity provider. Leave empty to use default value. | [optional] |
| AuthenticationEnabled | bool? | A flag indicating if the external SAML identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required. | [optional] [default to false] |
| ButtonImage | string | The URI of the logo to display on the login button for this external SAML identity provider. | [optional] |
| ButtonText | string | The unique text to display on the login button for this external SAML identity provider. This value is required when creating an IDP. | [optional] |
| CreateUser | bool? | A flag indicating if the user should be created after authenticating to the external SAML identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. | [optional] [default to false] |
| Domains | string | The space separated list of domains associated with the external SAML identity provider for use with user authentication. | [optional] |
| ForceAuthn | bool? | A flag indicating if a force authentication should always be requested as part of the external SAML identity provider user authentication or user verification request. | [optional] |
| GroupIds | List<string> | The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true. | [optional] |
| GroupMapping | string | The association between a specified claim returned from the external SAML identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| Issuer | string | The issuer, or IDP Entity ID, for the external SAML identity provider. | [optional] |
| Name | string | The unique name of the external SAML identity provider. This value is required when creating an IDP. | [optional] |
| NameIdPolicyFormat | string | The name ID policy format to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| OrganizationIds | List<string> | The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true. | [optional] |
| RequireAssertionSignature | bool? | A flag indicating if the SAML Assertion of the external SAML identity provider should be signed and verified. | [optional] [default to false] |
| RequireResponseSignature | bool? | A flag indicating if the SAML Response of the external SAML identity provider should be signed and verified. | [optional] [default to false] |
| RoleMapping | string | The association between a specified claim returned from the external SAML identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| SloEndpoint | string | The single logout endpoint for the external SAML identity provider. | [optional] |
| SpEntityId | string | The SP entity ID provided to the external SAML identity provider. This value is required when creating an IDP. | [optional] |
| SsoEndpoint | string | The single signon endpoint for the external SAML identity provider. This value is required when creating an IDP. | [optional] |
| Type | string | The type of the external SAML identity provider. Once created, this value cannot be updated. This value is required when creating an IDP. | [optional] |
| UpdateUser | bool? | A flag indicating if the user should be updated after authenticating to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. | [optional] [default to false] |
| UpdateUserVerification | bool? | A flag indicating if the user should be updated after user verification to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true. | [optional] [default to false] |
| UserAttributeId | string | The IDaaS user attribute ID used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true. | [optional] |
| UserAttributeMappings | List<SamlIdentityProviderAttributeMapping> | The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| UserAuthMatchMappings | List<SamlIdentityProviderUserAuthMatchMapping> | The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true. | [optional] |
| UserClaim | string | The external SAML identity provider claim (attribute) used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true. | [optional] |
| UserNameFormat | string | If user name parameter is set to NameID, the value of the format of this value. | [optional] |
| UserNameParameter | string | The name of the parameter to include with the SAML authentication request that will contain the value of the user's userid. Set the value to NameID to pass this value as part of the SAML Request message. | [optional] |
| UserVerMatchMappings | List<SamlIdentityProviderUserVerMatchMapping> | The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true. | [optional] |
| VerificationCertificate | byte[] | The verification certificate used with the external SAML identity provider. | [optional] |
| VerificationCertificate2 | byte[] | The verification certificate2 used with the external SAML identity provider. | [optional] |
| VerificationEnabled | bool? | A flag indicating if the external SAML identity provider can be used for user verification. If enabled, userVerMatchMappings is required. | [optional] [default to false] |