Identity Providers
- Last Updated: Jul 23, 2024
An identity provider provides authentication services and maintains credentials for users that have been provisioned in the platform. Each tenant can have one or more identity providers. Each user is associated with one of the available identity providers in the tenant. A user can only log in with the same identity provider with which they signed up.
Note: Identity Provider options differ by platform. OSIsoft Cloud Services supports multiple Identity Providers. CONNECT data services supports only a single Identity Provider: CONNECT.
Get Identity Provider
Returns an IdentityProvider object.
Request
GET /api/v1/IdentityProviders/{identityProviderId}
Parameters
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProvider | Identity provider specified |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProvider)
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
Authorization
Allowed for these roles:
- Tenant Member
Get Identity Provider based on Id
Validates that an identity provider exists.
Request
HEAD /api/v1/IdentityProviders/{identityProviderId}
Parameters
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Identity provider found |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Identity provider or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Get Identity Provider by Scheme
Returns a list of identity provider objects that follow a scheme.
Request
GET /api/v1/IdentityProviders/schemes/{scheme}
Parameters
string scheme
Scheme name (for example, AAD or Google).
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProvider | Identity provider specified |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProvider)
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
Authorization
Allowed for these roles:
- Tenant Member
Get Identity Provider Based on Scheme
Validates that a scheme exists.
Request
HEAD /api/v1/IdentityProviders/schemes/{scheme}
Parameters
string scheme
Scheme name (for example, AAD or Google).
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Identity provider found |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Identity provider not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
List Identity Providers
Returns a list of identity provider objects.
Request
GET /api/v1/IdentityProviders
?query={query}&skip={skip}&count={count}
Parameters
[optional] string query
(Not supported) Search string identifier.
[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.
[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProvider[] | Identity providers found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProvider[])
[
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
]
Authorization
Allowed for these roles:
- Tenant Member
Get Header for Identity Providers
Returns the total number of identity providers.
Request
HEAD /api/v1/IdentityProviders
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Headers for identity providers found |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
List all Identity Providers from Tenant
Returns all identity providers from a tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders
?query={query}&skip={skip}&count={count}
Parameters
string tenantId
Tenant identifier.
[optional] string query
(Not supported) Search string identifier.
[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.
[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProvider[] | Identity providers found |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProvider[])
[
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
]
Authorization
Allowed for these roles:
- Tenant Member
Get Total Count of Identity Providers
Returns the total number of identity providers in a tenant. The value will be set in the Total-Count header. This method is identical to the GET method but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/IdentityProviders
Parameters
string tenantId
Tenant identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Identity provider headers for tenant |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Member
Add Identity Provider to Tenant
Adds an existing identity provider to a tenant. This identity provider will be available in the Home Realm Discovery Page for users to log in or sign up.
Request
POST /api/v1/Tenants/{tenantId}/IdentityProviders
Parameters
string tenantId
Tenant identifier.
Request Body
IdentityProviderAdd object
{
"AzureActiveDirectoryConsentEmail": "user@example.com",
"AzureActiveDirectoryConsentGivenName": "string",
"AzureActiveDirectoryConsentSurname": "string",
"AzureActiveDirectoryTenant": "string",
"AzureActiveDirectoryConsentTypes": "string",
"IdentityProviderId": "string",
"AzureActiveDirectorySendConsent": true
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 201 | IdentityProvider | Identity provider created |
| 302 | None | Found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 409 | ErrorResponse | Identity provider already exists in tenant |
| 500 | ErrorResponse | Internal server error. |
| 503 | ErrorResponse | None |
Example response body
201 Response (IdentityProvider)
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get Identity Provider from Tenant
Returns an identity provider from a tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProvider | Identity provider specified |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProvider)
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
Authorization
Allowed for these roles:
- Tenant Member
Get Header for Identity Provider
Validates that an identity provider exists in the tenant. This method is identical to the GET method but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Header for identity provider |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Identity provider or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Member
Remove Identity Provider From Tenant
Removes an identity provider from a tenant. Users provisioned with this identity provider will remain in the tenant, but will not be able to authenticate. An administrator cannot remove the identity provider with which they are signed in.
Request
DELETE /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 204 | None | No content |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Get an Identity Provider Consent from a Tenant
Returns the consent information for an identity provider for a tenant. The ConsentState property, if returned, determines whether an identity provider consents to sharing access to its directory with the tenant. For example, the expected ConsentState values for AAD include (Pending_)SignIn and (Pending_)ReadAllUsersGroups.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Consent
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderConsent | Identity provider consent |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderConsent)
{
"Scheme": "string",
"property1": null,
"property2": null
}
Authorization
Allowed for these roles:
- Tenant Member
Get Header for Identity Provider Consent
Validates that an identity provider consent exists in the tenant. This method is identical to the GET method but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Consent
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider unique identifier to check for consent
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Ok if the identity provider consent exists |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Member
Update Identity Provider Consent of a Tenant
Updates the identity provider consent of a tenant. Currently only supports Azure Active Directory. The consent grants User.Read.All and GroupMember.Read.All permissions to the tenant.
Request
POST /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Consent
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Request Body
Identity provider consent
{
"Scheme": "string",
"property1": null,
"property2": null
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderConsent | Identity provider consent |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderConsent)
{
"Scheme": "string",
"property1": null,
"property2": null
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get a List of All Users on an Identity Provider
Returns a list of users that matches the query string on an identity provider that supports advanced integration, such as Azure Active Directory. The prerequisite is that the identity provider must have already consented to sharing access to its directory with the tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/users
?query={query}&count={count}&skipToken={skipToken}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string query
Start of user name or email with which to search
[optional] integer count
Maximum number of users to return
[optional] string skipToken
An encoded string that identifies the set of users that was not returned. For example, if you specify a count of the first 50 users matching your query, the skipToken identifies the 51st user.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderResultsOfIdentityProviderUser | List of users found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderResultsOfIdentityProviderUser)
{
"Results": [
{
"Id": "string",
"GivenName": "string",
"Surname": "string",
"Name": "string",
"Email": "user@example.com"
}
],
"SkipToken": "string"
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get a List of all Groups on an Identity Provider
Returns a list of groups that matches the query string on an identity provider that supports advanced integration, such as Azure Active Directory. The prerequisite is that the identity provider must have already consented to sharing access to its directory with the tenant. The consent grants User.Read.All and GroupMember.Read.All permissions to the tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/groups
?query={query}&count={count}&skipToken={skipToken}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string query
Start of user name or email to search for
[optional] integer count
Maximum number of groups to return
[optional] string skipToken
An encoded string that identifies the set of groups that was not returned. For example, if you specify a count of the first 5 groups matching your query, the skipToken identifies the 6th group.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderResultsOfIdentityProviderGroup | List of groups found |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderResultsOfIdentityProviderGroup)
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
],
"SkipToken": "string"
}
Authorization
Allowed for these roles:
- Tenant Member
Get a List of All Groups that a User Belongs to on an Identity Provider
Returns a list of all groups that the specified user belongs to on an identity provider that supports advanced integration, such as Azure Active Directory. The prerequisite is that the identity provider must have already consented to sharing access to its directory with the tenant. The consent grants User.Read.All and GroupMember.Read.All permissions to the tenant.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Users/{userId}/Groups
?skip={skip}&count={count}&skipToken={skipToken}
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
string userId
User identifier.
[optional] integer skip
Indexes into a result set
[optional] integer count
Maximum number of groups to return
[optional] string skipToken
An encoded string that identifies the set of groups that was not returned. For example, if you request a count of the first 3 groups matching your query, the skipToken identifies the 4th user.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderResultsOfIdentityProviderGroup | List of groups of which the user is a member |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Identity provider or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderResultsOfIdentityProviderGroup)
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
],
"SkipToken": "string"
}
Authorization
Allowed for these roles:
- Tenant Administrator
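The users and groups search endpoints above page their results with SkipToken. The following is an added example, not code from the platform or its SDK, that checks the provider's Search capability first and then follows SkipToken until it is empty. The `http_get` transport, the tenant and provider identifiers, the token value and the sample pages are all constructed assumptions.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Path segment -> key under IdentityProvider.Capabilities that must allow Search.
RESOURCES = {"users": "User", "groups": "Group"}


class IdpApiError(Exception):
    """Non-200 answer; keeps the ErrorResponse OperationId for follow-up."""

    def __init__(self, status, body):
        body = body or {}
        self.status = status
        self.operation_id = body.get("OperationId")
        super().__init__(f"HTTP {status}: {body.get('Error')}")


def search_url(tenant_id, idp_id, resource, query, count=None, skip_token=None):
    """Build the documented search URL; every caller-supplied part is encoded."""
    if resource not in RESOURCES:
        raise ValueError(f"resource must be one of {sorted(RESOURCES)}")
    params = {"query": query}
    if count is not None:
        params["count"] = int(count)
    if skip_token:
        params["skipToken"] = skip_token  # opaque: sent back unchanged, only URL-encoded
    path = (f"/api/v1/Tenants/{quote(tenant_id, safe='')}"
            f"/IdentityProviders/{quote(idp_id, safe='')}/{resource}")
    return f"{path}?{urlencode(params)}"


def search_directory(http_get, tenant_id, idp, resource, query, count=50, max_pages=20):
    """Collect every result for `query`, following SkipToken until it is empty.

    http_get is a hypothetical transport: url -> (status_code, parsed JSON body).
    idp is an IdentityProvider object as returned by the GET endpoints.
    """
    url = search_url(tenant_id, idp["Id"], resource, query, count)
    caps = (idp.get("Capabilities") or {}).get(RESOURCES[resource]) or {}
    if not caps.get("Search"):  # Capabilities is nullable; treat missing as unsupported
        raise ValueError(f"{idp.get('DisplayName')!r} does not support {resource} search")

    results, seen = [], set()
    for _ in range(max_pages):
        status, body = http_get(url)
        if status != 200:
            raise IdpApiError(status, body)
        results.extend(body.get("Results") or [])
        token = body.get("SkipToken")
        if not token:
            return results
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError("server repeated a SkipToken")
        seen.add(token)
        url = search_url(tenant_id, idp["Id"], resource, query, count, token)
    raise RuntimeError(f"more than {max_pages} pages; narrow the query")


# Constructed sample data (not real directory content).
SAMPLE_IDP = {
    "Id": "11111111-2222-3333-4444-555555555555",
    "DisplayName": "Example AAD",
    "Capabilities": {"User": {"SignIn": True, "Invitation": True, "Search": True},
                     "Group": {"Authorize": True, "Search": False}},
}
SAMPLE_PAGES = {
    None: (200, {"Results": [{"Id": "u1", "Email": "ann@example.com"}],
                 "SkipToken": "tok+1/="}),
    "tok+1/=": (200, {"Results": [{"Id": "u2", "Email": "anna@example.com"}],
                      "SkipToken": None}),
}


def fake_transport(calls):
    """Stand-in for an authenticated HTTP client; records each requested URL."""
    def _get(url):
        calls.append(url)
        token = parse_qs(urlsplit(url).query).get("skipToken", [None])[0]
        return SAMPLE_PAGES[token]
    return _get


if __name__ == "__main__":
    requested = []
    found = search_directory(fake_transport(requested), "tenant-a",
                             SAMPLE_IDP, "users", "an", count=1)
    for user in found:
        print(user["Id"], user["Email"])
    print(requested[1])
```

A 403 from these endpoints surfaces as `IdpApiError` with the `OperationId` from the ErrorResponse body, which is the value to quote when following up on a denied directory query.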
Get Identity Provider Groups
Returns the groups based on the identifiers. Only Advanced Integration Identity providers such as Azure Active Directory and CONNECT support this method.
Request
POST /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/Groups
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Request Body
Group identifier.
[
"string"
]
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderResultsOfIdentityProviderGroup | List of groups |
| 207 | IdentityProviderGroupsMultiStatusResponse | List of groups |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderResultsOfIdentityProviderGroup)
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
],
"SkipToken": "string"
}
Authorization
Allowed for these roles:
- Tenant Member
Get Identity Provider Group Mapping Roles
Returns the groups based on the identifiers that have tenant member access role. Only Advanced Integration Identity providers such as Azure Active Directory and CONNECT support this method.
Request
GET /api/v1/Tenants/{tenantId}/IdentityProviders/{identityProviderId}/groupmappings
Parameters
string tenantId
Tenant identifier.
string identityProviderId
Identity provider identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | IdentityProviderResultsOfIdentityProviderGroupMappings | List of groups |
| 207 | IdentityProviderGroupMappingsMultiStatusResponse | List of groups |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (IdentityProviderResultsOfIdentityProviderGroupMappings)
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true,
"IdentityProviderClaimId": "string",
"RoleIds": [
"string"
]
}
],
"SkipToken": "string"
}
Authorization
Allowed for these roles:
- Tenant Member
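The groupmappings endpoint can answer 200 or 207, and a 207 carries only the groups that resolved plus one child error for each that did not. The following is an added example, not code from the platform or its SDK, that turns either answer into a role-to-group summary for an access review and marks a partial answer as incomplete. The role identifiers, group names and error texts in the sample are constructed.

```python
from collections import defaultdict


def review_group_mappings(status, body):
    """Summarise a groupmappings answer for an access review.

    200 carries the groups in Results; 207 carries the groups that resolved in
    Data and one MultiStatusResponseChildError per item that failed.
    """
    body = body or {}
    if status not in (200, 207):
        raise ValueError(f"unexpected status {status}: {body.get('Error')}")
    groups = (body.get("Results") if status == 200 else body.get("Data")) or []

    role_to_groups = defaultdict(list)
    cluster_managers, no_roles = [], []
    for group in groups:
        # Name and Id are nullable; IdentityProviderClaimId is not.
        label = group.get("Name") or group.get("Id") or group["IdentityProviderClaimId"]
        role_ids = group.get("RoleIds") or []  # RoleIds is nullable
        for role_id in role_ids:
            role_to_groups[role_id].append(label)
        if not role_ids:
            no_roles.append(label)
        if group.get("IsClusterManagementAllowed"):
            cluster_managers.append(label)

    unresolved = [
        {"model": err.get("ModelId"), "status": err.get("StatusCode"),
         "error": err.get("Error"), "operation": err.get("OperationId")}
        for err in body.get("ChildErrors") or []
    ]
    more_pages = bool(body.get("SkipToken"))
    return {
        # Only a 200 with no child errors and no further page is a full picture.
        "complete": status == 200 and not unresolved and not more_pages,
        "role_to_groups": {r: sorted(g) for r, g in sorted(role_to_groups.items())},
        "cluster_managers": sorted(cluster_managers),
        "groups_without_roles": sorted(no_roles),
        "unresolved": unresolved,
    }


# Constructed 207 body following IdentityProviderGroupMappingsMultiStatusResponse.
SAMPLE_207 = {
    "OperationId": "op-0001",
    "Error": "Some groups could not be retrieved.",
    "Reason": "constructed sample",
    "ChildErrors": [
        {"OperationId": "op-0001", "Error": "Group not found",
         "Reason": "constructed sample", "Resolution": "constructed sample",
         "EventId": "evt-1", "StatusCode": 404, "ModelId": "g-3"},
    ],
    "Data": [
        {"Id": "g-1", "Name": "Plant Operators", "Email": None,
         "IsClusterManagementAllowed": False,
         "IdentityProviderClaimId": "aaaaaaaa-0000-0000-0000-000000000001",
         "RoleIds": ["role-member"]},
        {"Id": "g-2", "Name": "Platform Admins", "Email": None,
         "IsClusterManagementAllowed": True,
         "IdentityProviderClaimId": "aaaaaaaa-0000-0000-0000-000000000002",
         "RoleIds": ["role-member", "role-admin"]},
    ],
}

if __name__ == "__main__":
    report = review_group_mappings(207, SAMPLE_207)
    print("complete:", report["complete"])
    for role, names in report["role_to_groups"].items():
        print(role, "<-", ", ".join(names))
    for item in report["unresolved"]:
        print("unresolved:", item["model"], item["status"], item["error"])
```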
Definitions
IdentityProvider
The IdentityProvider object
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | guid | false | false | Identity provider identifier |
| DisplayName | string | false | true | Identity provider display name to use |
| Scheme | string | false | true | Name of the cookie handler that will temporarily store the outcome of the external authentication |
| UserIdClaimType | string | false | true | Type of claim |
| ClientId | string | false | true | Client identifier of the identity provider |
| IsConfigured | boolean | false | false | Whether the identity provider has been configured |
| Capabilities | IdentityProviderCapabilities | false | true | Capabilities of the identity provider |
{
"Id": "string",
"DisplayName": "string",
"Scheme": "string",
"UserIdClaimType": "string",
"ClientId": "string",
"IsConfigured": true,
"Capabilities": {
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
}
IdentityProviderCapabilities
The model for the capabilities of an identity provider
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| User | IdentityProviderUserCapabilites | false | true | User-level capabilities |
| Group | IdentityProviderGroupCapabilites | false | true | Group-level capabilities |
{
"User": {
"SignIn": true,
"Invitation": true,
"Search": true
},
"Group": {
"Authorize": true,
"Search": true
}
}
IdentityProviderUserCapabilites
User-level capabilities of an identity provider
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| SignIn | boolean | false | false | Value indicating whether user log in is supported |
| Invitation | boolean | false | false | Value indicating whether authorization via the invitation flow is supported |
| Search | boolean | false | false | Value indicating whether user search is supported |
{
"SignIn": true,
"Invitation": true,
"Search": true
}
IdentityProviderGroupCapabilites
The model for the group level capabilities of an identity provider
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Authorize | boolean | false | false | Value indicating whether authorization via groups is supported |
| Search | boolean | false | false | Value indicating whether group search is supported |
{
"Authorize": true,
"Search": true
}
ErrorResponse
Object returned whenever there is an error
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | true | false | Operation identifier of action that caused the error |
| Error | string | true | false | Error description |
| Reason | string | true | false | Reason for the error |
| Resolution | string | true | false | Resolution to resolve the error |
| DynamicProperties | object | false | true | Additional properties |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"DynamicProperties": {
"property1": null,
"property2": null
},
"property1": null,
"property2": null
}
IdentityProviderConsent
The model for an identity provider consent in identity storage
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Scheme | string | false | true | Scheme of the identity provider |
{
"Scheme": "string",
"property1": null,
"property2": null
}
IdentityProviderAdd
Object for adding an identity provider
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| AzureActiveDirectoryConsentEmail | | false | true | Email address to send consent |
| AzureActiveDirectoryConsentGivenName | string | false | true | Preferred name to use in the consent email |
| AzureActiveDirectoryConsentSurname | string | false | true | Preferred surname to use in the consent email |
| AzureActiveDirectoryTenant | string | false | true | Azure Active Directory tenant domain name (for example, mydomain.onmicrosoft.com) |
| AzureActiveDirectoryConsentTypes | string | false | true | Semicolon delimited Azure Active Directory consent types. Can be "SignIn" or "SignIn;ReadAllUsersGroups". |
| IdentityProviderId | guid | false | false | Identity provider identifier |
| AzureActiveDirectorySendConsent | boolean | false | false | Whether to send consent email for Azure Active Directory |
{
"AzureActiveDirectoryConsentEmail": "user@example.com",
"AzureActiveDirectoryConsentGivenName": "string",
"AzureActiveDirectoryConsentSurname": "string",
"AzureActiveDirectoryTenant": "string",
"AzureActiveDirectoryConsentTypes": "string",
"IdentityProviderId": "string",
"AzureActiveDirectorySendConsent": true
}
IdentityProviderResultsOfIdentityProviderUser
Result object for Identity Provider access users/groups
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Results | [IdentityProviderUser] | false | false | List of users/groups |
| SkipToken | string | false | true | Skip token for paging |
{
"Results": [
{
"Id": "string",
"GivenName": "string",
"Surname": "string",
"Name": "string",
"Email": "user@example.com"
}
],
"SkipToken": "string"
}
IdentityProviderUser
Base class for identity provider access user
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | string | false | false | User identifier |
| GivenName | string | false | true | Given name of the user |
| Surname | string | false | true | Surname of the user |
| Name | string | false | true | Name of the user |
| Email | | false | true | Email of the user |
{
"Id": "string",
"GivenName": "string",
"Surname": "string",
"Name": "string",
"Email": "user@example.com"
}
IdentityProviderResultsOfIdentityProviderGroup
Result object for Identity Provider access users/groups
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Results | [IdentityProviderGroup] | false | false | List of users/groups |
| SkipToken | string | false | true | Skip token for paging |
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
],
"SkipToken": "string"
}
IdentityProviderGroup
Base class for identity provider access group
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | string | false | false | Object identifier of the IdentityProviderGroup |
| Name | string | false | true | Group name of the IdentityProviderGroup |
| Email | | false | true | Email address of the IdentityProviderGroup |
| IsClusterManagementAllowed | boolean | false | true | Whether group can manage cluster roles |
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
IdentityProviderGroupsMultiStatusResponse
MultiStatusResponse objects returned in a 207 response
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | false | true | Identifier of the operation that resulted in this error. |
| Error | string | false | true | Message describing the error. |
| Reason | string | false | true | Reason that caused the error. |
| ChildErrors | [MultiStatusResponseChildError] | false | true | List of child errors. |
| Data | [IdentityProviderGroup] | false | true | Data representing groups. |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"ChildErrors": [
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"EventId": "string",
"StatusCode": 0,
"ModelId": "string",
"property1": null,
"property2": null
}
],
"Data": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true
}
]
}
MultiStatusResponseChildError
ChildError objects returned in a 207 response
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | true | false | OperationId of action that caused the error |
| Error | string | true | false | Error description |
| Reason | string | true | false | Reason for the error |
| Resolution | string | true | false | Resolution for the error |
| EventId | string | true | false | EventId for the error |
| StatusCode | int32 | false | false | Http status code |
| ModelId | string | false | true | Model identifier |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"EventId": "string",
"StatusCode": 0,
"ModelId": "string",
"property1": null,
"property2": null
}
IdentityProviderResultsOfIdentityProviderGroupMappings
Result object for Identity Provider access users/groups
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Results | [IdentityProviderGroupMappings] | false | false | List of users/groups |
| SkipToken | string | false | true | Skip token for paging |
{
"Results": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true,
"IdentityProviderClaimId": "string",
"RoleIds": [
"string"
]
}
],
"SkipToken": "string"
}
IdentityProviderGroupMappings
Class for identity provider group mappings.
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | string | false | true | Object identifier of the IdentityProviderGroupMappings |
| Name | string | false | true | Group name of the IdentityProviderGroupMappings |
| Email | | false | true | Email address of the IdentityProviderGroupMappings |
| IsClusterManagementAllowed | boolean | false | true | Whether group can manage cluster roles. |
| IdentityProviderClaimId | guid | false | false | Identity Provider ClaimId of the IdentityProviderGroupMappings |
| RoleIds | string[] | false | true | List of roles assigned to this group. |
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true,
"IdentityProviderClaimId": "string",
"RoleIds": [
"string"
]
}
IdentityProviderGroupMappingsMultiStatusResponse
MultiStatusResponse objects returned in a 207 response.
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | false | true | Identifier of the operation that resulted in this error. |
| Error | string | false | true | Message describing the error. |
| Reason | string | false | true | Reason that caused the error. |
| ChildErrors | [MultiStatusResponseChildError] | false | true | List of child errors. |
| Data | [IdentityProviderGroupMappings] | false | true | Data representing groups. |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"ChildErrors": [
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"EventId": "string",
"StatusCode": 0,
"ModelId": "string",
"property1": null,
"property2": null
}
],
"Data": [
{
"Id": "string",
"Name": "string",
"Email": "user@example.com",
"IsClusterManagementAllowed": true,
"IdentityProviderClaimId": "string",
"RoleIds": [
"string"
]
}
]
}