OidcIdentityProviderParms
An OidcIdentityProviderParms defines the information passed to Identity as a Service when creating or modifying an external OpenID Connect identity provider for use with user authentication or user verification.
Properties
| Name | Type | Description | Notes |
|---|---|---|---|
| acr_values | str | The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| amr_values | str | The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request. This is required when creating an IDV IDP. | [optional] |
| authentication_enabled | bool | A flag indicating if the external OIDC identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required. | [optional] [default to False] |
| authorization_endpoint | str | The authorization endpoint for the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| button_image | str | The URI of the logo to display on the login button for this external OIDC identity provider. | [optional] |
| button_text | str | The unique text to display on the login button for this external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| client_authentication_method | str | The client authentication method to use with the external OIDC identity provider. The default value is ClientAuthenticationMethod.CLIENT_SECRET_BASIC. | [optional] |
| client_id | str | The client identifier provided by the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| client_secret | str | The client secret provided by the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| create_user | bool | A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. | [optional] [default to False] |
| domains | str | The space separated list of domains associated with the external OIDC identity provider for use with user authentication. | [optional] |
| fields | str | The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is required when creating a TWITTER IDP. | [optional] |
| group_ids | List[str] | The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true. | [optional] |
| group_mapping | str | The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| id_token_claims | str | The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| issuer | str | The issuer URI for the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| jwks_uri | str | The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature. This value is required when creating an IDP except for TWITTER. | [optional] |
| max_age | int | The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request. | [optional] [default to -1] |
| name | str | The unique name of the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| organization_ids | List[str] | The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true. | [optional] |
| require_userinfo_signature | bool | A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified. | [optional] [default to False] |
| revocation_endpoint | str | The revocation endpoint for the external OIDC identity provider. | [optional] |
| role_mapping | str | The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| scopes | str | The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request. This value is required when creating an IDP except for TWITTER. | [optional] |
| token_endpoint | str | The token endpoint for the external OIDC identity provider. This value is required when creating an IDP. | [optional] |
| type | str | The type of the external OIDC identity provider. Once created, this value cannot be updated. This value is required when creating an IDP. | [optional] |
| update_user | bool | A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. | [optional] [default to False] |
| update_user_verification | bool | A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true. | [optional] [default to False] |
| user_attribute_id | str | The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true. | [optional] |
| user_attribute_mappings | List[OidcIdentityProviderAttributeMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true. | [optional] |
| user_auth_match_mappings | List[OidcIdentityProviderUserAuthMatchMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true. | [optional] |
| user_claim | str | The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true. | [optional] |
| user_ver_match_mappings | List[OidcIdentityProviderUserVerMatchMapping] | The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true. | [optional] |
| userinfo_claims | str | The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request. | [optional] |
| userinfo_endpoint | str | The user information endpoint for the external OIDC identity provider. | [optional] |
| verification_enabled | bool | A flag indicating if the external OIDC identity provider can be used for user verification. If enabled, userVerMatchMappings is required. | [optional] [default to False] |