Create Identity Provider

Prerequisite: Only contract administrators, owners, and users with accessAndManageIamResources privilege can create and manage Identity Providers (IDPs) through the API. You can also set user privileges in the DCD. For more information, see Set User Privileges for Identity and Access Management.

To create a new Identity Provider (IDP), perform a POST request.

Endpoint

Use the following endpoint to create an IDP: https://iam.ionos.com/federation/identityproviders.

Request

curl --X \  
--request POST 'https://iam.ionos.com/federation/identityproviders' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data '{
{
    "metadata": {},
    "properties": {
        "type": "oidc",
        "name": "IdentityProvider ABC",
        "enabled": true,
        "domain": "yourDomain.com",
        "configuration": {
            "oidc": {
                "openidConfigurationUrl": "https://example.com/.well-known/openid-configuration",
                "clientSecret": "MIICyzCCAbSgAwIBAgIJAMyYqQJkmRIOMA0GCSqGSIb3DQEB...",
                "clientName": "Example Client"
            }
        }
    }
}'

curl --X \  
--request POST 'https://iam.ionos.com/federation/identityproviders' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data '{
   {
  "metadata": {},
  "properties": {
    "type": "oidc",
    "name": "IdentityProvider ABC",
    "enabled": true,
    "domain": "yourDomain.com",
    "configuration": {
      "saml": {
        "metadataDescriptor": "https://yourproviderconfiguration/protocol/saml/descriptor",
        "x509Certificate": "MIICyzCCAbSgAwIBAgIJAMyYqQJkmRIOMA0GCSqGSIb3DQEB..."
      }
    }
  }
}'

Below is the list of mandatory body parameters:

Body Parameters

Type

Description

Example

properties

object

Properties with all the data needed to create a new IDP.

example.com

type

string

The type of identityProvider configuration.

oidc, saml

name

string

Name to uniquely identify the IDP.

IdentityProvider ABC

enabled

boolean

Choose to enable or disable the IDP.

true

configuration

object

Specify the configuration details of the identity broker.

oidc, saml

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters

Required

Type

Description

Authorization

yes

string

The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, Generate authentication token.

Content-Type

yes

string

Set this to application/json.

Response

201 Successful operation

{
  "id": "5e6323da-8a45-5732-bec1-d7c29c1dc890",
  "type": "identityprovider",
  "href": "/identityproviders/5e6323da-8a45-5732-bec1-d7c29c1dc890",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>"
  },
  "properties": {
    "name": "IdentityProvider ABC",
    "enabled": true,
    "domain": "yourDomain.com",
    "configuration": {
      "oidc": {
        "openidConfigurationUrl": "https://example.com/.well-known/openid-configuration",
        "clientName": "Example Client",
        "endpoint": "https://iam.ionos.com/realms/cloud/.well-known/openid-configuration"
      }
    }
  }
}

PreviousSet User Privileges through the API NextRetrieve Identity Provider

Last updated 1 day ago

Was this helpful?