Claims
- Last Updated: Aug 11, 2021
An identity provider claim provides a mechanism to map a claim from an identity provider to one or more roles.
List all Identity Provider Claims
Returns all identity provider claims for an identity provider on a tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims
?query={query}&skip={skip}&count={count}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
[optional] string query
(Not supported) Search string identifier.
[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.
[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderClaim[] | List of identity provider claims found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant or identity provider not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderClaim[])
[
{
"Id": "string",
"TypeName": "string",
"Value": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": true
}
]
Authorization
Allowed for these roles:
- Tenant Administrator
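The following is an added example, not code from the original documentation: it pages through the List call with `skip` and `count` and reports which claims map to role identifiers the reviewer considers sensitive. The `fetch_page` callable, the base URL, and the sample claims and role identifiers are assumptions constructed for illustration.

```python
from urllib.parse import quote, urlencode

def claims_url(base_url, tenant_id, idp_id, skip=0, count=100):
    """Build the List request URL; identifiers are percent-encoded as path segments."""
    path = "/api/v1/Tenants/{}/IdentityProviders/{}/Claims".format(
        quote(tenant_id, safe=""), quote(idp_id, safe=""))
    return base_url.rstrip("/") + path + "?" + urlencode({"skip": skip, "count": count})

def iter_claims(fetch_page, count=100):
    """Yield every claim, advancing skip until a short or empty page comes back.

    fetch_page(skip, count) is a caller-supplied function (an assumption here)
    that performs the authenticated GET and returns the decoded
    IdentityProviderClaim[] body.
    """
    skip = 0
    while True:
        page = fetch_page(skip, count)
        yield from page
        if not page or len(page) < count:
            return
        skip += len(page)

def claims_granting(claims, sensitive_role_ids):
    """Return the claims whose RoleIds include any of the given role identifiers."""
    sensitive = set(sensitive_role_ids)
    findings = []
    for claim in claims:
        # RoleIds is nullable in the IdentityProviderClaim definition.
        matched = sorted(sensitive & set(claim.get("RoleIds") or []))
        if matched:
            findings.append({"Id": claim["Id"], "TypeName": claim.get("TypeName"),
                             "Value": claim.get("Value"), "IsBuiltIn": claim["IsBuiltIn"],
                             "MatchedRoleIds": matched})
    return findings

# Constructed sample data standing in for the service (not real identifiers).
SAMPLE_CLAIMS = [
    {"Id": "c1", "TypeName": "groups", "Value": "ops", "RoleIds": ["role-admin"], "IsBuiltIn": False},
    {"Id": "c2", "TypeName": "groups", "Value": "everyone", "RoleIds": None, "IsBuiltIn": False},
    {"Id": "c3", "TypeName": "groups", "Value": "staff", "RoleIds": ["role-member"], "IsBuiltIn": True},
]

def fake_fetch(skip, count):
    return SAMPLE_CLAIMS[skip:skip + count]

if __name__ == "__main__":
    for finding in claims_granting(iter_claims(fake_fetch, count=2), {"role-admin"}):
        print(finding)
```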
Get all Identity Provider Claims Header
Returns the header information for all identity provider claims for an identity provider on a tenant.
Request
HEAD /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Identity provider claim header information |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Tenant or identity provider not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Create New Identity Provider Claim
Creates a new identity provider claim for an identity provider on a tenant.
Request
POST /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Request Body
Identity provider claim to create
{
"Value": "string",
"IdentityProviderClaimTypeNameId": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": false
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 201 | IdentityProviderClaim | Identity provider claim created |
| 302 | None | Found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant, identity provider, or roles not found |
| 408 | ErrorResponse | Operation timed out. |
| 409 | ErrorResponse | Identity provider claim configuration already exists |
| 500 | ErrorResponse | Internal server error. |
Example response body
201 Response (IdentityProviderClaim)
{
"Id": "string",
"TypeName": "string",
"Value": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": true
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get Identity Provider Claim
Returns an identity provider claim from an identity provider on a tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims/{identityProviderClaimId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string identityProviderClaimId
Identity provider claim identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderClaim | Identity provider claim specified |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant, identity provider, or identity provider claim not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderClaim)
{
"Id": "string",
"TypeName": "string",
"Value": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": true
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get Identity Provider Claim Header
Returns an identity provider claim header from an identity provider on a tenant.
Request
HEAD /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims/{identityProviderClaimId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string identityProviderClaimId
Identity provider claim identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Identity provider claim specified header |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Tenant, identity provider, or identity provider claim not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Update an Existing Identity Provider Claim
Updates an existing identity provider claim for an identity provider on a tenant.
Request
PUT /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims/{identityProviderClaimId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string identityProviderClaimId
Identity provider claim identifier.
Request Body
Updated identity provider claim values
{
"Value": "string",
"RoleIds": [
"string"
]
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderClaim | Updated identity provider claim |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant, identity provider, identity provider claim, or roles not found |
| 408 | ErrorResponse | Operation timed out. |
| 409 | ErrorResponse | Identity provider claim configuration already exists |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderClaim)
{
"Id": "string",
"TypeName": "string",
"Value": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": true
}
Authorization
Allowed for these roles:
- Tenant Administrator
Delete an Existing Identity Provider Claim
Deletes an identity provider claim for an identity provider on a tenant.
Request
DELETE /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Claims/{identityProviderClaimId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string identityProviderClaimId
Identity provider claim identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 204 | None | No content |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant, identity provider, or identity provider claim not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
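The create, update and delete calls above can be driven from a reviewed desired-state mapping; this added example (not code from the original documentation) diffs the listed claims against such a mapping and emits the request bodies to send, leaving built-in claims untouched. Keying the mapping by (TypeName, Value), the `TypeNameId` field supplied by the caller, and all sample identifiers are assumptions constructed for illustration.

```python
import uuid

def plan_claim_changes(current, desired):
    """Diff existing claims against a desired mapping keyed by (TypeName, Value).

    current: IdentityProviderClaim objects as returned by the List call.
    desired: {(TypeName, Value): {"TypeNameId": guid string, "RoleIds": [...]}}
    Returns (plan, skipped): plan is a list of (method, claim id or None, body);
    skipped lists built-in claims that differ but cannot be modified or deleted.
    """
    plan, skipped, seen = [], [], set()
    for claim in current:
        key = (claim.get("TypeName"), claim.get("Value"))
        seen.add(key)
        have = sorted(set(claim.get("RoleIds") or []))  # RoleIds is nullable
        want = desired.get(key)
        if want is not None and sorted(set(want["RoleIds"])) == have:
            continue  # already in the desired state
        if claim["IsBuiltIn"]:
            skipped.append(key)
        elif want is None:
            plan.append(("DELETE", claim["Id"], None))
        else:
            plan.append(("PUT", claim["Id"], {"Value": claim.get("Value"),
                                              "RoleIds": sorted(set(want["RoleIds"]))}))
    for key, want in desired.items():
        if key in seen:
            continue
        type_name_id = str(uuid.UUID(want["TypeNameId"]))  # ValueError if not a GUID
        # IsBuiltIn is omitted: on create it must be false or not specified.
        plan.append(("POST", None, {"Value": key[1],
                                    "IdentityProviderClaimTypeNameId": type_name_id,
                                    "RoleIds": sorted(set(want["RoleIds"]))}))
    return plan, skipped

# Constructed sample data (not real identifiers).
CURRENT_CLAIMS = [
    {"Id": "c1", "TypeName": "groups", "Value": "ops", "RoleIds": ["role-admin", "role-member"], "IsBuiltIn": False},
    {"Id": "c2", "TypeName": "groups", "Value": "legacy", "RoleIds": ["role-member"], "IsBuiltIn": False},
    {"Id": "c3", "TypeName": "groups", "Value": "builtin", "RoleIds": None, "IsBuiltIn": True},
]
DESIRED = {
    ("groups", "ops"): {"TypeNameId": "00000000-0000-0000-0000-000000000001", "RoleIds": ["role-member"]},
    ("groups", "audit"): {"TypeNameId": "00000000-0000-0000-0000-000000000001", "RoleIds": ["role-viewer"]},
}

if __name__ == "__main__":
    print(plan_claim_changes(CURRENT_CLAIMS, DESIRED))
```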
Definitions
IdentityProviderClaim
Object representing a claim from an identity provider to map to a role
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | guid | false | false | Identity provider claim identifier |
| TypeName | string | false | true | Type name for this identity provider claim |
| Value | string | false | true | Value for this identity provider claim |
| RoleIds | string[] | false | true | List of role identifiers that this claim on this identity provider maps to |
| IsBuiltIn | boolean | false | false | Indicates if this claim entry is built-in. When this value is true, callers cannot modify or delete the claim. |
{
"Id": "string",
"TypeName": "string",
"Value": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": true
}
ErrorResponse
Object returned whenever there is an error
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | true | false | Operation identifier of action that caused the error |
| Error | string | true | false | Error description |
| Reason | string | true | false | Reason for the error |
| Resolution | string | true | false | Resolution to resolve the error |
| DynamicProperties | object | false | true | Additional properties |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"DynamicProperties": {
"property1": null,
"property2": null
},
"property1": null,
"property2": null
}
IdentityProviderClaimCreate
Identity provider claim to create
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Value | string | false | true | Value for this identity provider claim |
| IdentityProviderClaimTypeNameId | guid | false | false | Identity provider claim type name identifier for this identity provider claim |
| RoleIds | string[] | false | true | List of role identifiers associated with this identity provider claim |
| IsBuiltIn | boolean | false | false | Indicates if this claim entry is built-in. This value must be set to false or not specified. |
{
"Value": "string",
"IdentityProviderClaimTypeNameId": "string",
"RoleIds": [
"string"
],
"IsBuiltIn": false
}
IdentityProviderClaimUpdate
Update information for an identity provider claim
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Value | string | false | true | Value for this identity provider claim |
| RoleIds | string[] | false | true | List of role identifiers associated with this identity provider claim |
{
"Value": "string",
"RoleIds": [
"string"
]
}