Identity provider instance creation payloads

The following examples are sample payloads for creating instances of some of the provider types.

Note:
  • If they are not specified, the properties show_end_user and show_admin_user are added automatically with the value true.
  • Only the SAML Enterprise identity source type can have multiple instances created.
  • All identity source types, except the SAML Enterprise and LDAP Passthrough types, have predetermined, reserved realm values associated with them. Every instance of SAML Enterprise and LDAP Passthrough must have a unique realm specified; otherwise, an error is returned. See Managing identity providers and the topic for the identity source type to find the reserved realm value for that identity source.
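The three rules above can be applied client-side before a creation request is sent, so that a rejected payload is caught locally. This is an added example, not code from the product or its documentation; the sourceTypeId values and the reserved realms in RESERVED_REALMS are taken from the sample payloads on this page, and the function names are assumptions.

```python
# Added example (not from the product documentation): apply the creation-payload
# rules from the note above and report what the service would reject.
import copy

# sourceTypeId values as used in the sample payloads on this page
SAML_ENTERPRISE = 4
LDAP_PASSTHROUGH = 8
MULTI_INSTANCE_TYPES = {SAML_ENTERPRISE}            # only SAML Enterprise allows several instances
UNIQUE_REALM_TYPES = {SAML_ENTERPRISE, LDAP_PASSTHROUGH}
# Reserved realms as shown in this page's sample payloads (assumption: taken from the
# examples here; consult the identity source topic for any other type).
RESERVED_REALMS = {1: "www.facebook.com", 5: "cloudIdentityRealm",
                   15: "www.apple.com", 16: "cloudIdentityRealm"}


def _props(payload):
    """Flatten the properties list into a key -> value dict."""
    return {p["key"]: p["value"] for p in payload.get("properties", [])}


def prepare_payload(payload, existing):
    """Return (payload with defaults applied, list of rule violations).

    `existing` is the list of already-created instances in the same JSON shape."""
    payload = copy.deepcopy(payload)
    props = _props(payload)
    errors = []
    # Rule 1: show_end_user / show_admin_user default to "true" when absent.
    for key in ("show_end_user", "show_admin_user"):
        if key not in props:
            payload.setdefault("properties", []).append(
                {"sensitive": False, "value": "true", "key": key})
    type_id = payload["sourceTypeId"]
    # Rule 2: every type other than SAML Enterprise is limited to one instance.
    if type_id not in MULTI_INSTANCE_TYPES and any(e["sourceTypeId"] == type_id for e in existing):
        errors.append(f"sourceTypeId {type_id} already has an instance; only SAML Enterprise allows several")
    realm = props.get("realm")
    if type_id in UNIQUE_REALM_TYPES:
        # Rule 3: SAML Enterprise and LDAP Passthrough need an explicit realm that no
        # other instance already uses.
        if not realm:
            errors.append("realm is required for SAML Enterprise and LDAP Passthrough")
        elif any(_props(e).get("realm") == realm for e in existing):
            errors.append(f"realm {realm!r} is already used by another instance")
    elif type_id in RESERVED_REALMS and realm not in (None, RESERVED_REALMS[type_id]):
        # Other types carry a reserved realm; a different value does not match it.
        errors.append(f"realm for sourceTypeId {type_id} is reserved as {RESERVED_REALMS[type_id]!r}")
    return payload, errors
```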

Facebook

{
    "sourceTypeId": 1,
    "instanceName": "Facebook",
    "enabled": true,
    "predefined": true,
    "status": "configured",
    "properties": [
        {
            "sensitive": true,
            "value": "abcdefg",
            "key": "client_id"
        },
        {
            "sensitive": true,
            "value": "pqrst",
            "key": "client_secret"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_admin_user"
        },
        {
            "sensitive": false,
            "value": "www.facebook.com",
            "key": "realm"
        }
    ]
}
Note:

For other social provider types like LinkedIn, Google, GitHub, Yahoo, X, and others, the payload is similar, but with the provider's respective values.

Cloud Directory

{
    "sourceTypeId": 5,
    "instanceName": "Cloud Directory",
    "enabled": true,
    "properties": [
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_admin_user"
        },
        {
            "sensitive": false,
            "value": "cloudIdentityRealm",
            "key": "realm"
        }
    ]
}
Note:

The Cloud Directory provider instance is ready to use for all the tenants.

SAML Enterprise

{
    "sourceTypeId"      : 4,
    "instanceName"      : "SAML Enterprise - IAM Connect",
    "enabled"           : true,
    "predefined"        : false,
    "autoConsentEnabled": true,
    "status"            : "configured",
    "properties"        : [
        {
            "sensitive" : false,
            "key"       : "initiator",
            "value"     : "identityProvider"
        },
        {
            "sensitive" : false,
            "key"       : "trigger_url",
            "value"     : "https://ip-wga/isam/sps/saml20ip/saml20/logininitial?RequestBinding=HTTPPost&ResponseBinding=HTTPPost&PartnerId=https://tenant name.ice.ibmcloudsecurity.com/saml/sps/saml20sp/saml20&NameIdFormat=email"
        },
        {
            "sensitive" : false,
            "key"       : "metadata",
            "value"     : "XML metadata providing IdP entity description - <md:EntityDescriptor> <md:IDPSSODescriptor> </md:IDPSSODescriptor> </md:EntityDescriptor>"
        },
        {
            "sensitive": false,
            "value": "saml.abc.com",
            "key": "realm"
        }
    ]
}
Note: If the initiator property is set to serviceProvider, the sp_trigger_url property is populated automatically and the metadata property value must provide an SP entity description. If sp_trigger_url is provided in the creation payload, the provided value is used instead of the automatically populated one.

LDAP Passthrough

{
    "sourceTypeId" : 8,
    "instanceName" : "LDAP Passthrough",
    "enabled" : true,
    "properties" : [
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user"
        },
        {
            "sensitive": false,
            "value": "false",
            "key": "show_admin_user"
        },
        {
            "sensitive": false,
            "value": "passthrough.abc.com",
            "key": "realm"
        }
    ]
}

Onprem LDAP

{
    "sourceTypeId" : 16,
    "instanceName" : "Acme LDAP Onprem",
    "enabled" : true,
    "properties" : [
        {
            "sensitive": false,
            "value": "<agent_cfg_uuid>",
            "key": "agent"
        },
        {
            "sensitive": false,
            "value": "false",
            "key": "isAdminCloudEnabled"
        },
        {
            "sensitive": false,
            "value": "cloudIdentityRealm",
            "key": "realm"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_admin_user"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_admin_user_fido"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_admin_user_qr"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user_fido"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "show_end_user_qr"
        }
    ]
}

Sign in with Apple

{
    "instanceName": "Apple",
    "sourceTypeId": 15,
    "enabled": true,
    "properties": [
        {
            "sensitive": false,
            "value": "www.apple.com",
            "key": "realm"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "identityLinkingEnabled"
        },
        {
            "sensitive": false,
            "value": "true",
            "key": "JitEnabled"
        },
        {
            "sensitive": false,
            "value": "email",
            "key": "principalAttribute"
        },
        {
            "sensitive": false,
            "value": "com.test.app",
            "key": "client_id"
        },
        {
            "sensitive": false,
            "value": "ABCD98ABC",
            "key": "key_id"
        },
        {
            "sensitive": false,
            "value": "ABCD7SK3JE",
            "key": "team_id"
        },
        {
            "sensitive": false,
            "value": "MIGWAgABCD................",
            "key": "signing_key"
        },
        {
            "sensitive": false,
            "value": "apple_key_label",
            "key": "signing_key_label"
        }
    ]
}