Version: v41

identity_provider_client

PrivX Identity Provider client configuration

id (string)

ID of the identity provider client config

name (string)

Name of the identity provider client config

idp_type (string)

Identity provider client type, "oidc" or "saml"

Default value: oidc
Example: oidc

oidc_issuer (string)

The authorization server's issuer identifier. Read-only.

Default value: Provided by server
Example: https://your.privx.server.endpoint/oidc/e00a8f60-9051-48d7-a755-cef45801a7cc/

oidc_audience (string[])

Custom audience(s) for the IdP config. By default, the audience is your client_id; use this to add more audiences.

Default value: ["testdomain.local"]
Example: ["testdomain.local"]

oidc_client_id (string)

OAuth 2.0 Client Identifier valid at the Authorization Server.

Default value: Provided by server
Example: f81c1189-76b6-46e8-ba1e-54b2d3221534

oidc_client_secret (string)

OAuth 2.0 Client secret valid at the Authorization Server.

Default value: Provided by server
Example: 83bcd1d3-cded-4BeB-903e-938359a87053

oidc_scopes_enabled (string[])

Array containing a list of the enabled OAuth 2.0 [RFC6749] "scope" values. The "openid" scope is implicitly enabled.

Default value: ["Provided by server"]
Example: ["profile","email","phone","address","offline_access","privx_roles"]

oidc_response_types_supported (string[])

Array containing a list of the OAuth 2.0 [RFC6749] "response_type" values. Read-only.

Default value: ["Provided by server"]
Example: ["code","id_token token","id_token"]

oidc_grant_types_supported (string[])

Array containing a list of the OAuth 2.0 [RFC6749] grant type values. Read-only.

Default value: ["Provided by server"]
Example: ["authorization_code","refresh_token","implicit"]

oidc_code_challenge_method_enabled (boolean)

Enable PKCE with the S256 code_challenge_method.

Default value: true

oidc_auth_method_enabled (string)

Selected client authentication method used by the Token Endpoint. Allowed values: "none", "client_secret_basic", "client_secret_post" or "private_key_jwt".

Default value: client_secret_basic

oidc_auth_method_post (boolean)

Enable the POST method for client_id/client_secret authentication in addition to HTTP Basic Auth.

Default value: true

oidc_grant_type_refresh_token (boolean)

Enable use of the refresh_token grant.

Default value: true

oidc_default_logout_redirect_uri (string)

Default post-logout redirect URI, used if end_session is called without a redirect URI.

oidc_allowed_redirect_uris (string[])

Array containing a list of allowed redirect URIs for the Code and Implicit flows.

Example: ["https://thirdpartysite/authorize/callback"]

oidc_attribute_mapping (object)

An object containing attribute:token mappings for mapping user attributes to ID token attributes. Allowed token attribute values are sub, name, preferred_username, family_name, given_name, locale, email, and phone_number.

Example: {"email":"sub"}

oidc_signature_algorithm (string)

Token signature algorithm [RFC7518]. Allowed values are RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384 and PS512.

Default value: RS256

oidc_access_token_valid_in_minutes (integer)

Access token validity in minutes.

Default value: 5

oidc_refresh_token_valid_in_minutes (integer)

Refresh token validity in minutes.

Default value: 480

saml_identifier (string)

The authorization server's entity ID. Global setting, read-only.

Default value: Provided by server
Example: https://privx_endpoint/saml/IdForServiceProvider1

saml_sso_service_url (string)

SAML SSO Service address. Global setting, read-only. TBD

Default value: Provided by server

saml_metadata_url (string)

SAML metadata address. Global setting, read-only. TBD

Default value: Provided by server

saml_acs_url (string)

SAML Assertion Consumer Service URL for the authentication response. TBD

Default value:
Example: https://thirdpartysite/login/callback

saml_attribute_mapping (object)

An object containing mappings for SAML attributes.

saml_public_x509_certificate (string)

SAML public X.509 certificate. Read-only.

Default value: Provided by server

user_filter (string)

User filter. Only users matching this filter are allowed to log in. Leave empty to allow all users.

Default value:
Example: (dn=johndoe*)

enabled (boolean)

Enable/disable the IdP client config

Default value: true
identity_provider_client

{
  "id": "string",
  "name": "string",
  "idp_type": "oidc",
  "oidc_issuer": "https://your.privx.server.endpoint/oidc/e00a8f60-9051-48d7-a755-cef45801a7cc/",
  "oidc_audience": [
    "testdomain.local"
  ],
  "oidc_client_id": "f81c1189-76b6-46e8-ba1e-54b2d3221534",
  "oidc_client_secret": "83bcd1d3-cded-4BeB-903e-938359a87053",
  "oidc_scopes_enabled": [
    "profile",
    "email",
    "phone",
    "address",
    "offline_access",
    "privx_roles"
  ],
  "oidc_response_types_supported": [
    "code",
    "id_token token",
    "id_token"
  ],
  "oidc_grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "implicit"
  ],
  "oidc_code_challenge_method_enabled": true,
  "oidc_auth_method_enabled": "client_secret_basic",
  "oidc_auth_method_post": true,
  "oidc_grant_type_refresh_token": true,
  "oidc_default_logout_redirect_uri": "string",
  "oidc_allowed_redirect_uris": [
    "https://thirdpartysite/authorize/callback"
  ],
  "oidc_attribute_mapping": {
    "email": "sub"
  },
  "oidc_signature_algorithm": "RS256",
  "oidc_access_token_valid_in_minutes": 5,
  "oidc_refresh_token_valid_in_minutes": 480,
  "saml_identifier": "https://privx_endpoint/saml/IdForServiceProvider1",
  "saml_sso_service_url": "Provided by server",
  "saml_metadata_url": "Provided by server",
  "saml_acs_url": "https://thirdpartysite/login/callback",
  "saml_attribute_mapping": {},
  "saml_public_x509_certificate": "Provided by server",
  "user_filter": "(dn=johndoe*)",
  "enabled": true
}
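The following is an added example, not PrivX code and not part of this reference: a pre-submission check that validates an identity_provider_client object against the allowed values listed above (idp_type, oidc_auth_method_enabled, oidc_signature_algorithm, the oidc_attribute_mapping token attributes, positive token lifetimes). It also goes slightly beyond the page in two places, both marked in the code: redirect URIs and the SAML ACS URL must be absolute https URLs without a fragment, and a "none" client authentication method is rejected when PKCE is switched off, since that leaves the code exchange with neither a client secret nor a code verifier. The sample configs, host names and client ID are constructed for illustration.

```python
"""Validate a PrivX identity_provider_client object before submitting it.

Added example (not PrivX code). Field names and allowed values are taken
from the reference page; the https/fragment rule and the "none without
PKCE" rule are stricter than the page and are assumptions of this check.
"""
from __future__ import annotations

from urllib.parse import urlsplit

IDP_TYPES = {"oidc", "saml"}
AUTH_METHODS = {"none", "client_secret_basic", "client_secret_post", "private_key_jwt"}
SIGNATURE_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512",
                  "PS256", "PS384", "PS512"}
# Token attributes the page lists as valid targets of oidc_attribute_mapping.
TOKEN_ATTRIBUTES = {"sub", "name", "preferred_username", "family_name",
                    "given_name", "locale", "email", "phone_number"}
LIFETIME_FIELDS = ("oidc_access_token_valid_in_minutes",
                   "oidc_refresh_token_valid_in_minutes")


def is_https_url(value: str) -> bool:
    """Assumed rule: absolute https URL with a host and no fragment component."""
    parts = urlsplit(value)
    return parts.scheme == "https" and bool(parts.netloc) and not parts.fragment


def validate_idp_client(cfg: dict) -> list[str]:
    """Return the list of problems found; an empty list means the config passes."""
    problems: list[str] = []
    idp_type = cfg.get("idp_type", "oidc")
    if idp_type not in IDP_TYPES:
        problems.append(f"idp_type must be one of {sorted(IDP_TYPES)}, got {idp_type!r}")
        return problems

    if idp_type == "oidc":
        method = cfg.get("oidc_auth_method_enabled", "client_secret_basic")
        if method not in AUTH_METHODS:
            problems.append(f"oidc_auth_method_enabled {method!r} is not an allowed value")
        # Assumed rule: a public client ("none") relies on PKCE to bind the
        # authorization code to the party that started the flow.
        if method == "none" and not cfg.get("oidc_code_challenge_method_enabled", True):
            problems.append("oidc_auth_method_enabled is 'none' but PKCE is disabled")
        alg = cfg.get("oidc_signature_algorithm", "RS256")
        if alg not in SIGNATURE_ALGS:
            problems.append(f"oidc_signature_algorithm {alg!r} is not an allowed value")
        uris = cfg.get("oidc_allowed_redirect_uris", [])
        if not uris:
            problems.append("oidc_allowed_redirect_uris is empty")
        for uri in uris:
            if not is_https_url(uri):
                problems.append(f"redirect URI {uri!r} is not an absolute https URL")
        logout_uri = cfg.get("oidc_default_logout_redirect_uri")
        if logout_uri and not is_https_url(logout_uri):
            problems.append("oidc_default_logout_redirect_uri is not an absolute https URL")
        for attr, token_attr in cfg.get("oidc_attribute_mapping", {}).items():
            if token_attr not in TOKEN_ATTRIBUTES:
                problems.append(f"attribute {attr!r} maps to unknown token attribute {token_attr!r}")
        for field in LIFETIME_FIELDS:
            value = cfg.get(field)
            if value is not None and (not isinstance(value, int) or value <= 0):
                problems.append(f"{field} must be a positive integer, got {value!r}")
    else:
        acs = cfg.get("saml_acs_url", "")
        if not is_https_url(acs):
            problems.append(f"saml_acs_url {acs!r} is not an absolute https URL")
    return problems


# Constructed sample configs (not real PrivX values): one that passes and
# one that trips six separate checks.
SAMPLE_OK = {
    "idp_type": "oidc",
    "oidc_client_id": "example-client-id",
    "oidc_auth_method_enabled": "client_secret_basic",
    "oidc_code_challenge_method_enabled": True,
    "oidc_signature_algorithm": "RS256",
    "oidc_allowed_redirect_uris": ["https://app.example.test/authorize/callback"],
    "oidc_attribute_mapping": {"email": "sub"},
    "oidc_access_token_valid_in_minutes": 5,
    "oidc_refresh_token_valid_in_minutes": 480,
    "enabled": True,
}
SAMPLE_BAD = {
    "idp_type": "oidc",
    "oidc_auth_method_enabled": "none",
    "oidc_code_challenge_method_enabled": False,
    "oidc_signature_algorithm": "HS256",
    "oidc_allowed_redirect_uris": ["http://app.example.test/cb",
                                   "https://app.example.test/cb#frag"],
    "oidc_attribute_mapping": {"email": "mail"},
    "oidc_access_token_valid_in_minutes": 0,
}

if __name__ == "__main__":
    for name, cfg in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, validate_idp_client(cfg) or "passes")
```

Run the check on the JSON you are about to PUT to the API; any non-empty result is a config to fix before it goes live rather than a reason to relax the check.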