okta.IdentityProviderApi

All URIs are relative to https://subdomain.okta.com

| Method | HTTP request | Description |
|---|---|---|
| activate_identity_provider | POST /api/v1/idps/{idpId}/lifecycle/activate | Activate an IdP |
| create_identity_provider | POST /api/v1/idps | Create an IdP |
| deactivate_identity_provider | POST /api/v1/idps/{idpId}/lifecycle/deactivate | Deactivate an IdP |
| delete_identity_provider | DELETE /api/v1/idps/{idpId} | Delete an IdP |
| get_identity_provider | GET /api/v1/idps/{idpId} | Retrieve an IdP |
| list_identity_providers | GET /api/v1/idps | List all IdPs |
| replace_identity_provider | PUT /api/v1/idps/{idpId} | Replace an IdP |

activate_identity_provider

IdentityProvider activate_identity_provider(idp_id)

Activate an IdP

Activates an inactive identity provider (IdP)

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    idp_id = '0oa62bfdjnK55Z5x80h7' # str | `id` of IdP

    try:
        # Activate an IdP
        api_response = api_instance.activate_identity_provider(idp_id)
        print("The response of IdentityProviderApi->activate_identity_provider:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->activate_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| idp_id | str | `id` of IdP | |

Return type

IdentityProvider

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |


create_identity_provider

IdentityProvider create_identity_provider(identity_provider)

Create an IdP

Creates a new identity provider (IdP) integration.

SAML 2.0 IdP

You must first add the IdP's signature certificate to the IdP key store before you can add a SAML 2.0 IdP with a kid credential reference.

Don't use fromURI to automatically redirect a user to a particular app after successfully authenticating with a third-party IdP. Instead, use SAML deep links. Using fromURI isn't tested or supported. For more information about using deep links when signing users in using an SP-initiated flow, see Understanding SP-Initiated Login flow.

Use SAML deep links to automatically redirect the user to an app after successfully authenticating with a third-party IdP. To use deep links, assemble these three parts into a URL:

  • SP ACS URL
    For example: https://${yourOktaDomain}/sso/saml2/:idpId
  • The app to which the user is automatically redirected after successfully authenticating with the IdP
    For example: /app/:app-location/:appId/sso/saml
  • Optionally, if the app is an outbound SAML app, you can specify the relayState passed to it.
    For example: ?RelayState=:anyUrlEncodedValue

The deep link for the above three parts is:
https://${yourOktaDomain}/sso/saml2/:idpId/app/:app-location/:appId/sso/saml?RelayState=:anyUrlEncodedValue

Smart Card X509 IdP

You must first add the IdP's server certificate to the IdP key store before you can add a Smart Card X509 IdP with a kid credential reference. You need to upload the whole trust chain as a single key using the Key Store API. Depending on the information stored in the smart card, select the proper template idpuser.subjectAltNameEmail or idpuser.subjectAltNameUpn.

Identity verification vendors as identity providers

Identity verification (IDV) vendors work like IdPs, with a few key differences. IDV vendors verify your user's identities by requiring them to submit a proof of identity. There are many ways to verify user identities. For example, a proof of identity can be a selfie to determine liveliness or it can be requiring users to submit a photo of their driver's license and matching that information with a database.

There are three IDV vendors (Persona, CLEAR Verified, and Incode) with specific configuration settings and another IDV vendor type (Custom IDV) that lets you create a custom IDV vendor, using a standardized IDV process. You can configure each of the IDV vendors as IdPs in your org by creating an account with the vendor, and then creating an IdP integration. Control how the IDVs verify your users by using Okta account management policy rules.

  • Persona
  • CLEAR Verified
  • Incode
  • Custom IDV
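The deep-link assembly described above for SAML 2.0 IdPs, as an added example (not part of the SDK or of Okta's documentation). The function name `build_saml_deep_link`, its parameters and the sample app values are assumptions; it rejects identifiers that could alter the URL's host or path and percent-encodes the RelayState value.

```python
from urllib.parse import quote, urlsplit

# Characters that would let an identifier escape its own path segment.
_UNSAFE = set("/?#\\")


def _segment(name, value):
    """Validate a single path segment and percent-encode it."""
    if (not value or value in (".", "..")
            or any(c in _UNSAFE or c.isspace() for c in value)):
        raise ValueError(f"invalid {name}: {value!r}")
    return quote(value, safe="")


def build_saml_deep_link(okta_domain, idp_id, app_location, app_id,
                         relay_state=None):
    """Join SP ACS URL + app path + optional RelayState into one deep link."""
    parsed = urlsplit(f"https://{okta_domain}")
    # The domain must be a bare hostname: no credentials, port, path or query.
    if (parsed.hostname != okta_domain.lower() or parsed.path
            or parsed.query or parsed.fragment):
        raise ValueError(f"invalid okta_domain: {okta_domain!r}")

    # Part 1: SP ACS URL for the IdP.
    acs_url = f"https://{okta_domain}/sso/saml2/{_segment('idp_id', idp_id)}"
    # Part 2: the app the user lands on after authenticating with the IdP.
    app_path = (f"/app/{_segment('app_location', app_location)}"
                f"/{_segment('app_id', app_id)}/sso/saml")
    link = acs_url + app_path
    # Part 3 (optional): RelayState, fully URL-encoded so that its own
    # '?', '&' and '=' cannot be read as extra query parameters.
    if relay_state is not None:
        link += "?RelayState=" + quote(relay_state, safe="")
    return link


if __name__ == "__main__":
    # Constructed sample values, not real app identifiers.
    print(build_saml_deep_link("subdomain.okta.com", "0oa62bfdjnK55Z5x80h7",
                               "exampleapp", "0oaCONSTRUCTED",
                               "https://app.example.com/home?tab=1"))
```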

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    identity_provider = okta.IdentityProvider() # IdentityProvider | IdP settings

    try:
        # Create an IdP
        api_response = api_instance.create_identity_provider(identity_provider)
        print("The response of IdentityProviderApi->create_identity_provider:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->create_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| identity_provider | IdentityProvider | IdP settings | |

Return type

IdentityProvider

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 400 | Bad Request | - |
| 403 | Forbidden | - |
| 429 | Too Many Requests | - |


deactivate_identity_provider

IdentityProvider deactivate_identity_provider(idp_id)

Deactivate an IdP

Deactivates an active identity provider (IdP)

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    idp_id = '0oa62bfdjnK55Z5x80h7' # str | `id` of IdP

    try:
        # Deactivate an IdP
        api_response = api_instance.deactivate_identity_provider(idp_id)
        print("The response of IdentityProviderApi->deactivate_identity_provider:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->deactivate_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| idp_id | str | `id` of IdP | |

Return type

IdentityProvider

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |


delete_identity_provider

delete_identity_provider(idp_id)

Delete an IdP

Deletes an identity provider (IdP) integration by idpId

  • All existing IdP users are unlinked with the highest order profile source taking precedence for each IdP user.
  • Unlinked users keep their existing authentication provider such as FEDERATION or SOCIAL.

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    idp_id = '0oa62bfdjnK55Z5x80h7' # str | `id` of IdP

    try:
        # Delete an IdP
        api_instance.delete_identity_provider(idp_id)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->delete_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| idp_id | str | `id` of IdP | |

Return type

void (empty response body)

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 204 | No Content | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |


get_identity_provider

IdentityProvider get_identity_provider(idp_id)

Retrieve an IdP

Retrieves an identity provider (IdP) integration by idpId

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    idp_id = '0oa62bfdjnK55Z5x80h7' # str | `id` of IdP

    try:
        # Retrieve an IdP
        api_response = api_instance.get_identity_provider(idp_id)
        print("The response of IdentityProviderApi->get_identity_provider:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->get_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| idp_id | str | `id` of IdP | |

Return type

IdentityProvider

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |


list_identity_providers

List[IdentityProvider] list_identity_providers(q=q, after=after, limit=limit, type=type)

List all IdPs

Lists all identity provider (IdP) integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.models.identity_provider_type import IdentityProviderType
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    q = 'Example SAML' # str | Searches the `name` property of IdPs for matching value (optional)
    after = 'after_example' # str | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination) and [Link header](https://developer.okta.com/docs/api/#link-header). (optional)
    limit = 20 # int | A limit on the number of objects to return (optional) (default to 20)
    type = okta.IdentityProviderType() # IdentityProviderType | Filters IdPs by `type` (optional)

    try:
        # List all IdPs
        api_response = api_instance.list_identity_providers(q=q, after=after, limit=limit, type=type)
        print("The response of IdentityProviderApi->list_identity_providers:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->list_identity_providers: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| q | str | Searches the `name` property of IdPs for matching value | [optional] |
| after | str | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See Pagination and Link header. | [optional] |
| limit | int | A limit on the number of objects to return | [optional] [default to 20] |
| type | IdentityProviderType | Filters IdPs by `type` | [optional] |
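An added example (not SDK code) of taking the `after` cursor from a `Link` response header and paging until no `rel="next"` link remains, refusing links that point at a different host so the API credential is never replayed elsewhere. `next_cursor`, `collect_all` and the `fetch_page` callable are hypothetical names, the header strings are constructed, and the `<url>; rel="next"` layout is assumed to match the Link header format the page references; how the header is read from the SDK response is not covered here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Matches each `<url>; rel="name"` entry of a (possibly comma-joined) Link header.
_LINK_RE = re.compile(r'<([^>]*)>\s*;\s*rel="([^"]*)"')


def next_cursor(link_header, expected_host):
    """Return the `after` cursor of the rel="next" link, or None on the last page."""
    for url, rel in _LINK_RE.findall(link_header or ""):
        if rel != "next":
            continue
        parts = urlsplit(url)
        # Only follow links that stay on the org's own HTTPS origin.
        if parts.scheme != "https" or parts.hostname != expected_host:
            raise ValueError(f"next link leaves {expected_host}: {url!r}")
        cursors = parse_qs(parts.query).get("after", [])
        if len(cursors) != 1:
            raise ValueError(f"expected exactly one 'after' value in {url!r}")
        return cursors[0]
    return None


def collect_all(fetch_page, expected_host, max_pages=100):
    """Page through a list endpoint; fetch_page(after) -> (items, link_header)."""
    items, after, seen = [], None, set()
    for _ in range(max_pages):
        page, link_header = fetch_page(after)
        items.extend(page)
        after = next_cursor(link_header, expected_host)
        if after is None:
            return items
        if after in seen:  # a repeated cursor would loop forever
            raise RuntimeError(f"pagination cursor repeated: {after!r}")
        seen.add(after)
    raise RuntimeError("max_pages exceeded before the last page")


# Constructed two-page response set standing in for GET /api/v1/idps.
HOST = "subdomain.okta.com"
PAGES = {
    None: (["idp-a", "idp-b"],
           f'<https://{HOST}/api/v1/idps?limit=2>; rel="self", '
           f'<https://{HOST}/api/v1/idps?after=cursor1&limit=2>; rel="next"'),
    "cursor1": (["idp-c"],
                f'<https://{HOST}/api/v1/idps?after=cursor1&limit=2>; rel="self"'),
}


def fake_fetch(after):
    """Hypothetical stand-in for one list_identity_providers call."""
    return PAGES[after]


if __name__ == "__main__":
    print(collect_all(fake_fetch, HOST))
```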

Return type

List[IdentityProvider]

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 429 | Too Many Requests | - |


replace_identity_provider

IdentityProvider replace_identity_provider(idp_id, identity_provider)

Replace an IdP

Replaces an identity provider (IdP) integration by idpId

Example

  • Api Key Authentication (apiToken):
  • OAuth Authentication (oauth2):
import os  # needed for the os.environ lookups below

import okta
from okta.models.identity_provider import IdentityProvider
from okta.rest import ApiException
from pprint import pprint

# Defining the host is optional and defaults to https://subdomain.okta.com
# See configuration.py for a list of all supported configuration parameters.
configuration = okta.Configuration(
    host = "https://subdomain.okta.com"
)

# The client must configure the authentication and authorization parameters
# in accordance with the API server security policy.
# Examples for each auth method are provided below, use the example that
# satisfies your auth use case.

# Configure API key authorization: apiToken
configuration.api_key['apiToken'] = os.environ["API_KEY"]

# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['apiToken'] = 'Bearer'

configuration.access_token = os.environ["ACCESS_TOKEN"]

# Enter a context with an instance of the API client
with okta.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = okta.IdentityProviderApi(api_client)
    idp_id = '0oa62bfdjnK55Z5x80h7' # str | `id` of IdP
    identity_provider = okta.IdentityProvider() # IdentityProvider | Updated configuration for the IdP

    try:
        # Replace an IdP
        api_response = api_instance.replace_identity_provider(idp_id, identity_provider)
        print("The response of IdentityProviderApi->replace_identity_provider:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling IdentityProviderApi->replace_identity_provider: %s\n" % e)

Parameters

| Name | Type | Description | Notes |
|---|---|---|---|
| idp_id | str | `id` of IdP | |
| identity_provider | IdentityProvider | Updated configuration for the IdP | |

Return type

IdentityProvider

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

HTTP response details

| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 400 | Bad Request | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
