identity_providers

Creates, updates, deletes, gets or lists an identity_providers resource.

Overview

Name: identity_providers
Type: Resource
Id: okta.users.identity_providers

Fields

The following fields are returned by SELECT queries:

| Name | Datatype | Description |
| ---- | -------- | ----------- |
| id | string | Unique key for the IdP (example: 0oaWma58liwx40w6boYD) |
| name | string | Unique name for the IdP (example: Sample IdP) |
| _links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
| created | string (date-time) | Timestamp when the object was created (example: 2016-01-03T18:15:47.000Z) |
| issuerMode | string | Indicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdP (default: DYNAMIC) |
| lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2016-01-03T18:15:47.000Z) |
| policy | object | Policy settings for the IdP. The provisioning and account linking actions supported by each IdP type are listed under "IdP type policy actions" after this table. |
| properties | object | The properties in the IdP properties object vary depending on the IdP type |
| protocol | | IdP-specific protocol settings for endpoints, bindings, and algorithms used to connect with the IdP and validate messages |
| status | string | |
| type | string | The IdP object's type property identifies the social or enterprise IdP used for authentication. Each IdP uses a specific protocol, therefore the protocol object must correspond with the IdP type. If the protocol is OAuth 2.0-based, the protocol object's scopes property must also correspond with the scopes supported by the IdP type. For policy actions supported by each IdP type, see IdP type policy actions. The supported types are listed under "IdP types" after this table. |

IdP type policy actions

The following provisioning and account linking actions are supported by each IdP provider:

| IdP type | User provisioning actions | Group provisioning actions | Account link actions | Account link filters |
| -------- | ------------------------- | -------------------------- | -------------------- | -------------------- |
| SAML2 | AUTO or DISABLED | NONE, ASSIGN, APPEND, or SYNC | AUTO, DISABLED | groups, users |
| X509, IDV_PERSONA, IDV_INCODE, and IDV_CLEAR | DISABLED | No support for JIT provisioning | | |
| All other IdP types | AUTO, DISABLED | NONE or ASSIGN | AUTO, DISABLED | groups, users |

IdP types

| Type | Description | Corresponding protocol | Corresponding protocol scopes |
| ---- | ----------- | ---------------------- | ----------------------------- |
| AMAZON | Amazon as the IdP | OpenID Connect | profile, profile:user_id |
| APPLE | Apple as the IdP | OpenID Connect | names, email, openid |
| DISCORD | Discord as the IdP | OAuth 2.0 | identify, email |
| FACEBOOK | Facebook as the IdP | OAuth 2.0 | public_profile, email |
| GITHUB | GitHub as the IdP | OAuth 2.0 | user |
| GITLAB | GitLab as the IdP | OpenID Connect | openid, read_user, profile, email |
| GOOGLE | Google as the IdP | OpenID Connect | openid, email, profile |
| IDV_PERSONA | Persona as the IDV IdP | ID verification | |
| IDV_CLEAR | CLEAR Verified as the IDV IdP | ID verification | openid, profile, identity_assurance |
| IDV_INCODE | Incode as the IDV IdP | ID verification | openid, profile, identity_assurance |
| LINKEDIN | LinkedIn as the IdP | OAuth 2.0 | r_emailaddress, r_liteprofile |
| LOGINGOV | Login.gov as the IdP | OpenID Connect | email, profile, profile:name |
| LOGINGOV_SANDBOX | Login.gov's identity sandbox as the IdP | OpenID Connect | email, profile, profile:name |
| MICROSOFT | Microsoft Enterprise SSO as the IdP | OpenID Connect | openid, email, profile, https://graph.microsoft.com/User.Read |
| OIDC | IdP that supports OpenID Connect | OpenID Connect | openid, email, profile |
| PAYPAL | PayPal as the IdP | OpenID Connect | openid, email, profile |
| PAYPAL_SANDBOX | PayPal Sandbox as the IdP | OpenID Connect | openid, email, profile |
| SALESFORCE | Salesforce as the IdP | OAuth 2.0 | id, email, profile |
| SAML2 | Enterprise IdP that supports the SAML 2.0 Web Browser SSO Profile | SAML 2.0 | |
| SPOTIFY | Spotify as the IdP | OpenID Connect | user-read-email, user-read-private |
| X509 | Smart Card IdP | Mutual TLS | |
| XERO | Xero as the IdP | OpenID Connect | openid, profile, email |
| YAHOO | Yahoo as the IdP | OpenID Connect | openid, profile, email |
| YAHOOJP | Yahoo Japan as the IdP | OpenID Connect | openid, profile, email |
| OKTA_INTEGRATION | IdP that supports the OpenID Connect Org2Org IdP | OpenID Connect | openid, email, profile |

Methods

The following methods are available for this resource:

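| Name | Accessible by | Required Params | Optional Params | Description |
| ---- | ------------- | --------------- | --------------- | ----------- |
| list_user_identity_providers | select | subdomain | | Lists the identity providers (IdPs) associated with the user |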

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

| Name | Datatype | Description |
| ---- | -------- | ----------- |
| subdomain | string | The domain of your organization. This can be a provided subdomain of an official Okta domain (okta.com, oktapreview.com, etc.) or one of your configured custom domains. (default: my-org) |

SELECT examples

Lists the identity providers (IdPs) associated with the user

```sql
-- List the identity providers (IdPs) associated with the user
SELECT
  id,
  name,
  _links,
  created,
  issuerMode,
  lastUpdated,
  policy,
  properties,
  protocol,
  status,
  type
FROM okta.users.identity_providers
WHERE subdomain = '{{ subdomain }}'; -- required
```