OidcIdentityProvider
An OidcIdentityProvider defines the information returned about an external OpenID Connect identity provider for use with user authentication or user verification.
Properties
| Name | Type | Description | Notes |
|---|---|---|---|
| acr_values | str | The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| amr_values | str | The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| authentication_enabled | bool | A flag indicating if the external OIDC identity provider can be used for user authentication. | [optional] |
| authorization_endpoint | str | The authorization endpoint for the external OIDC identity provider. | [optional] |
| button_image | str | The URI of the logo to display on the login button for this external OIDC identity provider. | [optional] |
| button_text | str | The unique text to display on the login button for this external OIDC identity provider. | [optional] |
| client_authentication_method | str | The client authentication method to use with the external OIDC identity provider. | [optional] |
| client_id | str | The client identifier provided by the external OIDC identity provider. | [optional] |
| client_secret | str | The client secret provided by the external OIDC identity provider. Currently this value is not returned. | [optional] |
| create_user | bool | A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. | [optional] |
| domains | str | The space separated list of domains associated with the external OIDC identity provider for use with user authentication. | [optional] |
| fields | str | The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is used with a TWITTER IDP. | [optional] |
| group_ids | List[str] | The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true. | [optional] |
| group_mapping | str | The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| id | str | The UUID of the external OIDC identity provider. | [optional] |
| id_token_claims | str | The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| issuer | str | The issuer URI for the external OIDC identity provider. | [optional] |
| jwks_uri | str | The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature. | [optional] |
| max_age | int | The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request. | [optional] |
| name | str | The unique name of the external OIDC identity provider. | [optional] |
| organization_ids | List[str] | The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true. | [optional] |
| require_userinfo_signature | bool | A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified. | [optional] |
| revocation_endpoint | str | The revocation endpoint for the external OIDC identity provider. | [optional] |
| role_mapping | str | The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| scopes | str | The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| token_endpoint | str | The token endpoint for the external OIDC identity provider. | [optional] |
| type | str | The type of the external OIDC identity provider. Once created, this value cannot be updated. | [optional] |
| update_user | bool | A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. | [optional] |
| update_user_verification | bool | A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if verificationEnabled is true. | [optional] |
| user_attribute_id | str | The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true. | [optional] |
| user_attribute_mappings | List[OidcIdentityProviderAttributeMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| user_auth_match_mappings | List[OidcIdentityProviderUserAuthMatchMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value is used if authenticationEnabled is true. | [optional] |
| user_claim | str | The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true. | [optional] |
| user_ver_match_mappings | List[OidcIdentityProviderUserVerMatchMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if verificationEnabled is true. | [optional] |
| userinfo_claims | str | The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| userinfo_endpoint | str | The user information endpoint for the external OIDC identity provider. | [optional] |
| verification_enabled | bool | A flag indicating if the external OIDC identity provider can be used for user verification. | [optional] |