identity_provider_client
PrivX Identity Provider client configuration
| Field | Description | Default | Example |
|---|---|---|---|
| id | ID of the identity provider client config. | | |
| name | Name of the identity provider client config. | | |
| idp_type | Identity provider client type, "oidc" or "saml". | oidc | oidc |
| oidc_issuer | The authorization server's issuer identifier. Read-only. | Provided by server | https://your.privx.server.endpoint/oidc/e00a8f60-9051-48d7-a755-cef45801a7cc/ |
| oidc_audience | Custom audience(s) for the IdP config. By default the audience is your client_id; use this to add more audiences. | ["testdomain.local"] | ["testdomain.local"] |
| oidc_client_id | OAuth 2.0 client identifier valid at the authorization server. | Provided by server | f81c1189-76b6-46e8-ba1e-54b2d3221534 |
| oidc_client_secret | OAuth 2.0 client secret valid at the authorization server. | Provided by server | 83bcd1d3-cded-4BeB-903e-938359a87053 |
| oidc_scopes_enabled | Array of the enabled OAuth 2.0 [RFC6749] "scope" values. The "openid" scope is implicitly enabled. | ["Provided by server"] | ["profile","email","phone","address","offline_access","privx_roles"] |
| oidc_response_types_supported | Array of the supported OAuth 2.0 [RFC6749] "response_type" values. Read-only. | ["Provided by server"] | ["code","id_token token","id_token"] |
| oidc_grant_types_supported | Array of the supported OAuth 2.0 [RFC6749] grant type values. Read-only. | ["Provided by server"] | ["authorization_code","refresh_token","implicit"] |
| oidc_code_challenge_method_enabled | Enable PKCE with the S256 code_challenge_method. | | true |
| oidc_auth_method_enabled | Client authentication method used by the token endpoint. Allowed values: "none", "client_secret_basic", "client_secret_post" or "private_key_jwt". | | client_secret_basic |
| oidc_auth_method_post | Enable the POST method for client_id/client_secret authentication in addition to HTTP Basic authentication. | | true |
| oidc_grant_type_refresh_token | Enable use of the refresh_token grant. | | true |
| oidc_default_logout_redirect_uri | Default post-logout redirect URI, used if end_session is called without a redirect URI. | | |
| oidc_allowed_redirect_uris | Array of allowed redirect URIs for the code and implicit flows. | | ["https://thirdpartysite/authorize/callback"] |
| oidc_attribute_mapping | Object of attribute:token mappings that map user attributes to ID token attributes. Allowed token attribute values are sub, name, preferred_username, family_name, given_name, locale, email and phone_number. | | {"email":"sub"} |
| oidc_signature_algorithm | Token signature algorithm [RFC7518]. Allowed values: RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512. | | RS256 |
| oidc_access_token_valid_in_minutes | Access token validity in minutes. | | 5 |
| oidc_refresh_token_valid_in_minutes | Refresh token validity in minutes. | | 480 |
| saml_identifier | The authorization server's entity ID. Global setting, read-only. | Provided by server | https://privx_endpoint/saml/IdForServiceProvider1 |
| saml_sso_service_url | SAML SSO service address. Global setting, read-only. TBD | Provided by server | |
| saml_metadata_url | SAML metadata address. Global setting, read-only. TBD | Provided by server | |
| saml_acs_url | SAML Assertion Consumer Service URL for the authentication response. TBD | | https://thirdpartysite/login/callback |
| saml_attribute_mapping | An object containing mappings for SAML attributes. | | |
| saml_public_x509_certificate | SAML public X.509 certificate. Read-only. | Provided by server | |
| user_filter | User filter. Only users matching this filter are allowed to log in. Leave empty to allow all users. | | (dn=johndoe*) |
| enabled | Enable/disable the IdP client config. | | true |
{
  "id": "string",
  "name": "string",
  "idp_type": "oidc",
  "oidc_issuer": "https://your.privx.server.endpoint/oidc/e00a8f60-9051-48d7-a755-cef45801a7cc/",
  "oidc_audience": [
    "testdomain.local"
  ],
  "oidc_client_id": "f81c1189-76b6-46e8-ba1e-54b2d3221534",
  "oidc_client_secret": "83bcd1d3-cded-4BeB-903e-938359a87053",
  "oidc_scopes_enabled": [
    "profile",
    "email",
    "phone",
    "address",
    "offline_access",
    "privx_roles"
  ],
  "oidc_response_types_supported": [
    "code",
    "id_token token",
    "id_token"
  ],
  "oidc_grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "implicit"
  ],
  "oidc_code_challenge_method_enabled": true,
  "oidc_auth_method_enabled": "client_secret_basic",
  "oidc_auth_method_post": true,
  "oidc_grant_type_refresh_token": true,
  "oidc_default_logout_redirect_uri": "string",
  "oidc_allowed_redirect_uris": [
    "https://thirdpartysite/authorize/callback"
  ],
  "oidc_attribute_mapping": {
    "email": "sub"
  },
  "oidc_signature_algorithm": "RS256",
  "oidc_access_token_valid_in_minutes": 5,
  "oidc_refresh_token_valid_in_minutes": 480,
  "saml_identifier": "https://privx_endpoint/saml/IdForServiceProvider1",
  "saml_sso_service_url": "Provided by server",
  "saml_metadata_url": "Provided by server",
  "saml_acs_url": "https://thirdpartysite/login/callback",
  "saml_attribute_mapping": {},
  "saml_public_x509_certificate": "Provided by server",
  "user_filter": "(dn=johndoe*)",
  "enabled": true
}
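The allowed values listed above (client authentication methods, signature algorithms, ID token attribute names) are the constraints an operator would want to check before submitting a client config to the API. The following validator is an added example, not PrivX code: it checks an `identity_provider_client` object against those documented value sets and adds a few defender-side hardening checks that are this example's own policy rather than anything the schema enforces (exact `https` redirect URIs, PKCE required when the client authenticates with method `none`, a secret present when a `client_secret_*` method is selected, an access-token lifetime cap). The sample config is constructed from the page's example with placeholder identifiers.

```python
"""Validate a PrivX identity_provider_client object (added example, not PrivX code).

Checks the documented allowed values from the schema table and adds a few
hardening checks that are this example's own policy, not the API's.
"""
from urllib.parse import urlparse

# Allowed value sets as documented in the schema table.
ALLOWED_IDP_TYPES = {"oidc", "saml"}
ALLOWED_AUTH_METHODS = {"none", "client_secret_basic", "client_secret_post", "private_key_jwt"}
ALLOWED_SIG_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512",
                    "PS256", "PS384", "PS512"}
ALLOWED_TOKEN_ATTRS = {"sub", "name", "preferred_username", "family_name",
                       "given_name", "locale", "email", "phone_number"}

# Hardening policy of this example (assumption, not a PrivX requirement).
MAX_ACCESS_TOKEN_MINUTES = 60

# Constructed sample: the page's example with placeholder client credentials.
EXAMPLE_CONFIG = {
    "id": "example-id", "name": "third-party-site", "idp_type": "oidc",
    "oidc_issuer": "https://your.privx.server.endpoint/oidc/<issuer-id>/",
    "oidc_audience": ["testdomain.local"],
    "oidc_client_id": "<client-id-placeholder>",
    "oidc_client_secret": "<client-secret-placeholder>",
    "oidc_scopes_enabled": ["profile", "email", "offline_access", "privx_roles"],
    "oidc_code_challenge_method_enabled": True,
    "oidc_auth_method_enabled": "client_secret_basic",
    "oidc_auth_method_post": True,
    "oidc_grant_type_refresh_token": True,
    "oidc_allowed_redirect_uris": ["https://thirdpartysite/authorize/callback"],
    "oidc_attribute_mapping": {"email": "sub"},
    "oidc_signature_algorithm": "RS256",
    "oidc_access_token_valid_in_minutes": 5,
    "oidc_refresh_token_valid_in_minutes": 480,
    "user_filter": "(dn=johndoe*)",
    "enabled": True,
}


def _check_oidc(cfg: dict) -> list[str]:
    """Checks that apply only when idp_type is "oidc"."""
    findings = []
    method = cfg.get("oidc_auth_method_enabled")
    if method not in ALLOWED_AUTH_METHODS:
        findings.append(f"oidc_auth_method_enabled {method!r} not in {sorted(ALLOWED_AUTH_METHODS)}")
    alg = cfg.get("oidc_signature_algorithm")
    if alg not in ALLOWED_SIG_ALGS:
        findings.append(f"oidc_signature_algorithm {alg!r} not in {sorted(ALLOWED_SIG_ALGS)}")
    for user_attr, token_attr in (cfg.get("oidc_attribute_mapping") or {}).items():
        if token_attr not in ALLOWED_TOKEN_ATTRS:
            findings.append(f"oidc_attribute_mapping {user_attr!r} -> {token_attr!r}: "
                            f"token attribute not allowed")
    uris = cfg.get("oidc_allowed_redirect_uris") or []
    if not uris:
        findings.append("oidc_allowed_redirect_uris is empty; no redirect target can be matched")
    for uri in uris:
        parsed = urlparse(uri)
        # Example policy: exact https URIs only, no fragments, no wildcards.
        if parsed.scheme != "https" or parsed.fragment or "*" in uri:
            findings.append(f"redirect URI {uri!r} should be an exact https URL")
    if method == "none" and not cfg.get("oidc_code_challenge_method_enabled"):
        findings.append("public client (auth method 'none') without PKCE; "
                        "enable oidc_code_challenge_method_enabled")
    if method in {"client_secret_basic", "client_secret_post"} and not cfg.get("oidc_client_secret"):
        findings.append(f"auth method {method!r} selected but oidc_client_secret is empty")
    if (cfg.get("oidc_access_token_valid_in_minutes") or 0) > MAX_ACCESS_TOKEN_MINUTES:
        findings.append(f"oidc_access_token_valid_in_minutes exceeds {MAX_ACCESS_TOKEN_MINUTES}")
    return findings


def validate_idp_client(cfg: dict) -> list[str]:
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    idp_type = cfg.get("idp_type")
    if idp_type not in ALLOWED_IDP_TYPES:
        findings.append(f"idp_type {idp_type!r} must be one of {sorted(ALLOWED_IDP_TYPES)}")
    if idp_type == "oidc":
        findings.extend(_check_oidc(cfg))
    elif idp_type == "saml" and not cfg.get("saml_acs_url"):
        findings.append("saml_acs_url is required for a SAML client")
    return findings


if __name__ == "__main__":
    for line in validate_idp_client(EXAMPLE_CONFIG) or ["config passed all checks"]:
        print(line)
```

Run it against a config exported from the API before applying changes; each finding names the field to fix. The redirect-URI and PKCE rules are stricter than the schema requires and can be relaxed to match local policy.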