Oracle Cloud Infrastructure v2.31.0, Apr 17 25

Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

oci.Identity.getDomainsIdentityProvider

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testIdentityProvider = oci.Identity.getDomainsIdentityProvider({
    idcsEndpoint: testDomain.url,
    identityProviderId: testIdentityProviderOciIdentityIdentityProvider.id,
    attributeSets: [],
    attributes: "",
    authorization: identityProviderAuthorization,
    resourceTypeSchemaVersion: identityProviderResourceTypeSchemaVersion,
});

import pulumi
import pulumi_oci as oci

test_identity_provider = oci.Identity.get_domains_identity_provider(idcs_endpoint=test_domain["url"],
    identity_provider_id=test_identity_provider_oci_identity_identity_provider["id"],
    attribute_sets=[],
    attributes="",
    authorization=identity_provider_authorization,
    resource_type_schema_version=identity_provider_resource_type_schema_version)

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := identity.GetDomainsIdentityProvider(ctx, &identity.GetDomainsIdentityProviderArgs{
			IdcsEndpoint:              testDomain.Url,
			IdentityProviderId:        testIdentityProviderOciIdentityIdentityProvider.Id,
			AttributeSets:             []interface{}{},
			Attributes:                pulumi.StringRef(""),
			Authorization:             pulumi.StringRef(identityProviderAuthorization),
			ResourceTypeSchemaVersion: pulumi.StringRef(identityProviderResourceTypeSchemaVersion),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testIdentityProvider = Oci.Identity.GetDomainsIdentityProvider.Invoke(new()
    {
        IdcsEndpoint = testDomain.Url,
        IdentityProviderId = testIdentityProviderOciIdentityIdentityProvider.Id,
        AttributeSets = new() { },
        Attributes = "",
        Authorization = identityProviderAuthorization,
        ResourceTypeSchemaVersion = identityProviderResourceTypeSchemaVersion,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Identity.IdentityFunctions;
import com.pulumi.oci.Identity.inputs.GetDomainsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testIdentityProvider = IdentityFunctions.getDomainsIdentityProvider(GetDomainsIdentityProviderArgs.builder()
            .idcsEndpoint(testDomain.url())
            .identityProviderId(testIdentityProviderOciIdentityIdentityProvider.id())
            .attributeSets()
            .attributes("")
            .authorization(identityProviderAuthorization)
            .resourceTypeSchemaVersion(identityProviderResourceTypeSchemaVersion)
            .build());

    }
}

variables:
  testIdentityProvider:
    fn::invoke:
      function: oci:Identity:getDomainsIdentityProvider
      arguments:
        idcsEndpoint: ${testDomain.url}
        identityProviderId: ${testIdentityProviderOciIdentityIdentityProvider.id}
        attributeSets: []
        attributes: ""
        authorization: ${identityProviderAuthorization}
        resourceTypeSchemaVersion: ${identityProviderResourceTypeSchemaVersion}

Using getDomainsIdentityProvider

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getDomainsIdentityProvider(args: GetDomainsIdentityProviderArgs, opts?: InvokeOptions): Promise<GetDomainsIdentityProviderResult>
function getDomainsIdentityProviderOutput(args: GetDomainsIdentityProviderOutputArgs, opts?: InvokeOptions): Output<GetDomainsIdentityProviderResult>

def get_domains_identity_provider(attribute_sets: Optional[Sequence[str]] = None,
                                  attributes: Optional[str] = None,
                                  authorization: Optional[str] = None,
                                  idcs_endpoint: Optional[str] = None,
                                  identity_provider_id: Optional[str] = None,
                                  resource_type_schema_version: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetDomainsIdentityProviderResult
def get_domains_identity_provider_output(attribute_sets: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                  attributes: Optional[pulumi.Input[str]] = None,
                                  authorization: Optional[pulumi.Input[str]] = None,
                                  idcs_endpoint: Optional[pulumi.Input[str]] = None,
                                  identity_provider_id: Optional[pulumi.Input[str]] = None,
                                  resource_type_schema_version: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetDomainsIdentityProviderResult]

func GetDomainsIdentityProvider(ctx *Context, args *GetDomainsIdentityProviderArgs, opts ...InvokeOption) (*GetDomainsIdentityProviderResult, error)
func GetDomainsIdentityProviderOutput(ctx *Context, args *GetDomainsIdentityProviderOutputArgs, opts ...InvokeOption) GetDomainsIdentityProviderResultOutput

> Note: This function is named GetDomainsIdentityProvider in the Go SDK.

public static class GetDomainsIdentityProvider 
{
    public static Task<GetDomainsIdentityProviderResult> InvokeAsync(GetDomainsIdentityProviderArgs args, InvokeOptions? opts = null)
    public static Output<GetDomainsIdentityProviderResult> Invoke(GetDomainsIdentityProviderInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetDomainsIdentityProviderResult> getDomainsIdentityProvider(GetDomainsIdentityProviderArgs args, InvokeOptions options)
public static Output<GetDomainsIdentityProviderResult> getDomainsIdentityProvider(GetDomainsIdentityProviderArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Identity/getDomainsIdentityProvider:getDomainsIdentityProvider
  arguments:
    # arguments dictionary

The following arguments are supported:

IdcsEndpoint string: The basic endpoint for the identity domain
IdentityProviderId string: ID of the resource
AttributeSets List<string>: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
Attributes string: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Authorization string: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
ResourceTypeSchemaVersion string: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

IdcsEndpoint string: The basic endpoint for the identity domain
IdentityProviderId string: ID of the resource
AttributeSets []string: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
Attributes string: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Authorization string: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
ResourceTypeSchemaVersion string: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

idcsEndpoint String: The basic endpoint for the identity domain
identityProviderId String: ID of the resource
attributeSets List<String>: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
attributes String: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
authorization String: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
resourceTypeSchemaVersion String: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

idcsEndpoint string: The basic endpoint for the identity domain
identityProviderId string: ID of the resource
attributeSets string[]: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
attributes string: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
authorization string: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
resourceTypeSchemaVersion string: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

idcs_endpoint str: The basic endpoint for the identity domain
identity_provider_id str: ID of the resource
attribute_sets Sequence[str]: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
attributes str: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
authorization str: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
resource_type_schema_version str: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

idcsEndpoint String: The basic endpoint for the identity domain
identityProviderId String: ID of the resource
attributeSets List<String>: A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
attributes String: A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
authorization String: The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
resourceTypeSchemaVersion String: An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

getDomainsIdentityProvider Result

The following output properties are available:

AssertionAttribute string: Assertion attribute name.
AuthnRequestBinding string: HTTP binding to use for authentication requests.
CompartmentOcid string: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
CorrelationPolicies List<GetDomainsIdentityProviderCorrelationPolicy>: Correlation policy
DeleteInProgress bool: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
Description string: Description
DomainOcid string: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
Enabled bool: Set to true to indicate Partner enabled.
EncryptionCertificate string: Encryption certificate
ExternalId string: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
IconUrl string: Identity Provider Icon URL.
Id string: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
IdcsCreatedBies List<GetDomainsIdentityProviderIdcsCreatedBy>: The User or App who created the Resource
IdcsEndpoint string
IdcsLastModifiedBies List<GetDomainsIdentityProviderIdcsLastModifiedBy>: The User or App who modified the Resource
IdcsLastUpgradedInRelease string: The release number when the resource was upgraded.
IdcsPreventedOperations List<string>: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
IdentityProviderId string
IdpSsoUrl string: Identity Provider SSO URL
IncludeSigningCertInSignature bool: Set to true to include the signing certificate in the signature.
JitUserProvAssignedGroups List<GetDomainsIdentityProviderJitUserProvAssignedGroup>: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
JitUserProvAttributeUpdateEnabled bool: Set to true to indicate JIT User Creation is enabled
JitUserProvAttributes List<GetDomainsIdentityProviderJitUserProvAttribute>: Assertion To User Mapping
JitUserProvCreateUserEnabled bool: Set to true to indicate JIT User Creation is enabled
JitUserProvEnabled bool: Set to true to indicate JIT User Provisioning is enabled
JitUserProvGroupAssertionAttributeEnabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
JitUserProvGroupAssignmentMethod string: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
JitUserProvGroupMappingMode string: Property to indicate the mode of group mapping
JitUserProvGroupMappings List<GetDomainsIdentityProviderJitUserProvGroupMapping>: The list of mappings between the Identity Domain Group and the IDP group.
JitUserProvGroupSamlAttributeName string: Name of the assertion attribute containing the users groups
JitUserProvGroupStaticListEnabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
JitUserProvIgnoreErrorOnAbsentGroups bool: Set to true to indicate ignoring absence of group while provisioning
LastNotificationSentTime string: Records the notification timestamp for the IdP whose signing certificate is about to expire
LogoutBinding string: HTTP binding to use for logout.
LogoutEnabled bool: Set to true to enable logout.
LogoutRequestUrl string: Logout request URL
LogoutResponseUrl string: Logout response URL
Metadata string: Metadata
Metas List<GetDomainsIdentityProviderMeta>: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
NameIdFormat string: Default authentication request name ID format.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
PartnerName string: Unique name of the trusted Identity Provider.
PartnerProviderId string: Provider ID
RequestedAuthenticationContexts List<string>: SAML SP authentication type.
RequireForceAuthn bool: This SP requires requests SAML IdP to enforce re-authentication.
RequiresEncryptedAssertion bool: SAML SP must accept encrypted assertion only.
SamlHoKrequired bool: SAML SP HoK Enabled.
Schemas List<string>: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
ServiceInstanceIdentifier string: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
ShownOnLoginPage bool: Set to true to indicate whether to show IdP in login page or not.
SignatureHashAlgorithm string: Signature hash algorithm.
SigningCertificate string: Signing certificate
SuccinctId string: Succinct ID
Tags List<GetDomainsIdentityProviderTag>: A list of tags on this resource.
TenancyOcid string: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
TenantProviderId string: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
Type string: Identity Provider Type
UrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviders List<GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider>: Social Identity Provider Extension Schema
Urnietfparamsscimschemasoracleidcsextensionx509identityProviders List<GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider>: X509 Identity Provider Extension Schema
UserMappingMethod string: User mapping method.
UserMappingStoreAttribute string: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
AttributeSets List<string>
Attributes string
Authorization string
ResourceTypeSchemaVersion string

AssertionAttribute string: Assertion attribute name.
AuthnRequestBinding string: HTTP binding to use for authentication requests.
CompartmentOcid string: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
CorrelationPolicies []GetDomainsIdentityProviderCorrelationPolicy: Correlation policy
DeleteInProgress bool: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
Description string: Description
DomainOcid string: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
Enabled bool: Set to true to indicate Partner enabled.
EncryptionCertificate string: Encryption certificate
ExternalId string: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
IconUrl string: Identity Provider Icon URL.
Id string: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
IdcsCreatedBies []GetDomainsIdentityProviderIdcsCreatedBy: The User or App who created the Resource
IdcsEndpoint string
IdcsLastModifiedBies []GetDomainsIdentityProviderIdcsLastModifiedBy: The User or App who modified the Resource
IdcsLastUpgradedInRelease string: The release number when the resource was upgraded.
IdcsPreventedOperations []string: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
IdentityProviderId string
IdpSsoUrl string: Identity Provider SSO URL
IncludeSigningCertInSignature bool: Set to true to include the signing certificate in the signature.
JitUserProvAssignedGroups []GetDomainsIdentityProviderJitUserProvAssignedGroup: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
JitUserProvAttributeUpdateEnabled bool: Set to true to indicate JIT User Creation is enabled
JitUserProvAttributes []GetDomainsIdentityProviderJitUserProvAttribute: Assertion To User Mapping
JitUserProvCreateUserEnabled bool: Set to true to indicate JIT User Creation is enabled
JitUserProvEnabled bool: Set to true to indicate JIT User Provisioning is enabled
JitUserProvGroupAssertionAttributeEnabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
JitUserProvGroupAssignmentMethod string: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
JitUserProvGroupMappingMode string: Property to indicate the mode of group mapping
JitUserProvGroupMappings []GetDomainsIdentityProviderJitUserProvGroupMapping: The list of mappings between the Identity Domain Group and the IDP group.
JitUserProvGroupSamlAttributeName string: Name of the assertion attribute containing the users groups
JitUserProvGroupStaticListEnabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
JitUserProvIgnoreErrorOnAbsentGroups bool: Set to true to indicate ignoring absence of group while provisioning
LastNotificationSentTime string: Records the notification timestamp for the IdP whose signing certificate is about to expire
LogoutBinding string: HTTP binding to use for logout.
LogoutEnabled bool: Set to true to enable logout.
LogoutRequestUrl string: Logout request URL
LogoutResponseUrl string: Logout response URL
Metadata string: Metadata
Metas []GetDomainsIdentityProviderMeta: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
NameIdFormat string: Default authentication request name ID format.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
PartnerName string: Unique name of the trusted Identity Provider.
PartnerProviderId string: Provider ID
RequestedAuthenticationContexts []string: SAML SP authentication type.
RequireForceAuthn bool: This SP requires requests SAML IdP to enforce re-authentication.
RequiresEncryptedAssertion bool: SAML SP must accept encrypted assertion only.
SamlHoKrequired bool: SAML SP HoK Enabled.
Schemas []string: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
ServiceInstanceIdentifier string: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
ShownOnLoginPage bool: Set to true to indicate whether to show IdP in login page or not.
SignatureHashAlgorithm string: Signature hash algorithm.
SigningCertificate string: Signing certificate
SuccinctId string: Succinct ID
Tags []GetDomainsIdentityProviderTag: A list of tags on this resource.
TenancyOcid string: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
TenantProviderId string: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
Type string: Identity Provider Type
UrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviders []GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider: Social Identity Provider Extension Schema
Urnietfparamsscimschemasoracleidcsextensionx509identityProviders []GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider: X509 Identity Provider Extension Schema
UserMappingMethod string: User mapping method.
UserMappingStoreAttribute string: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
AttributeSets []string
Attributes string
Authorization string
ResourceTypeSchemaVersion string

assertionAttribute String: Assertion attribute name.
authnRequestBinding String: HTTP binding to use for authentication requests.
compartmentOcid String: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
correlationPolicies List<GetDomainsProviderCorrelationPolicy>: Correlation policy
deleteInProgress Boolean: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
description String: Description
domainOcid String: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
enabled Boolean: Set to true to indicate Partner enabled.
encryptionCertificate String: Encryption certificate
externalId String: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
iconUrl String: Identity Provider Icon URL.
id String: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
idcsCreatedBies List<GetDomainsProviderIdcsCreatedBy>: The User or App who created the Resource
idcsEndpoint String
idcsLastModifiedBies List<GetDomainsProviderIdcsLastModifiedBy>: The User or App who modified the Resource
idcsLastUpgradedInRelease String: The release number when the resource was upgraded.
idcsPreventedOperations List<String>: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
identityProviderId String
idpSsoUrl String: Identity Provider SSO URL
includeSigningCertInSignature Boolean: Set to true to include the signing certificate in the signature.
jitUserProvAssignedGroups List<GetDomainsProviderJitUserProvAssignedGroup>: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
jitUserProvAttributeUpdateEnabled Boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvAttributes List<GetDomainsProviderJitUserProvAttribute>: Assertion To User Mapping
jitUserProvCreateUserEnabled Boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvEnabled Boolean: Set to true to indicate JIT User Provisioning is enabled
jitUserProvGroupAssertionAttributeEnabled Boolean: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
jitUserProvGroupAssignmentMethod String: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
jitUserProvGroupMappingMode String: Property to indicate the mode of group mapping
jitUserProvGroupMappings List<GetDomainsProviderJitUserProvGroupMapping>: The list of mappings between the Identity Domain Group and the IDP group.
jitUserProvGroupSamlAttributeName String: Name of the assertion attribute containing the users groups
jitUserProvGroupStaticListEnabled Boolean: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
jitUserProvIgnoreErrorOnAbsentGroups Boolean: Set to true to indicate ignoring absence of group while provisioning
lastNotificationSentTime String: Records the notification timestamp for the IdP whose signing certificate is about to expire
logoutBinding String: HTTP binding to use for logout.
logoutEnabled Boolean: Set to true to enable logout.
logoutRequestUrl String: Logout request URL
logoutResponseUrl String: Logout response URL
metadata String: Metadata
metas List<GetDomainsProviderMeta>: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
nameIdFormat String: Default authentication request name ID format.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
partnerName String: Unique name of the trusted Identity Provider.
partnerProviderId String: Provider ID
requestedAuthenticationContexts List<String>: SAML SP authentication type.
requireForceAuthn Boolean: This SP requires requests SAML IdP to enforce re-authentication.
requiresEncryptedAssertion Boolean: SAML SP must accept encrypted assertion only.
samlHoKrequired Boolean: SAML SP HoK Enabled.
schemas List<String>: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
serviceInstanceIdentifier String: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
shownOnLoginPage Boolean: Set to true to indicate whether to show IdP in login page or not.
signatureHashAlgorithm String: Signature hash algorithm.
signingCertificate String: Signing certificate
succinctId String: Succinct ID
tags List<GetDomainsProviderTag>: A list of tags on this resource.
tenancyOcid String: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
tenantProviderId String: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
type String: Identity Provider Type
urnietfparamsscimschemasoracleidcsextensionsocialIdentityProviders List<GetDomainsProviderUrnietfparamsscimschemasoracleidcsextensionsocialProvider>: Social Identity Provider Extension Schema
urnietfparamsscimschemasoracleidcsextensionx509identityProviders List<GetDomainsProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider>: X509 Identity Provider Extension Schema
userMappingMethod String: User mapping method.
userMappingStoreAttribute String: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
attributeSets List<String>
attributes String
authorization String
resourceTypeSchemaVersion String

assertionAttribute string: Assertion attribute name.
authnRequestBinding string: HTTP binding to use for authentication requests.
compartmentOcid string: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
correlationPolicies GetDomainsIdentityProviderCorrelationPolicy[]: Correlation policy
deleteInProgress boolean: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
description string: Description
domainOcid string: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
enabled boolean: Set to true to indicate Partner enabled.
encryptionCertificate string: Encryption certificate
externalId string: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
iconUrl string: Identity Provider Icon URL.
id string: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
idcsCreatedBies GetDomainsIdentityProviderIdcsCreatedBy[]: The User or App who created the Resource
idcsEndpoint string
idcsLastModifiedBies GetDomainsIdentityProviderIdcsLastModifiedBy[]: The User or App who modified the Resource
idcsLastUpgradedInRelease string: The release number when the resource was upgraded.
idcsPreventedOperations string[]: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
identityProviderId string
idpSsoUrl string: Identity Provider SSO URL
includeSigningCertInSignature boolean: Set to true to include the signing certificate in the signature.
jitUserProvAssignedGroups GetDomainsIdentityProviderJitUserProvAssignedGroup[]: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
jitUserProvAttributeUpdateEnabled boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvAttributes GetDomainsIdentityProviderJitUserProvAttribute[]: Assertion To User Mapping
jitUserProvCreateUserEnabled boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvEnabled boolean: Set to true to indicate JIT User Provisioning is enabled
jitUserProvGroupAssertionAttributeEnabled boolean: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
jitUserProvGroupAssignmentMethod string: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
jitUserProvGroupMappingMode string: Property to indicate the mode of group mapping
jitUserProvGroupMappings GetDomainsIdentityProviderJitUserProvGroupMapping[]: The list of mappings between the Identity Domain Group and the IDP group.
jitUserProvGroupSamlAttributeName string: Name of the assertion attribute containing the users groups
jitUserProvGroupStaticListEnabled boolean: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
jitUserProvIgnoreErrorOnAbsentGroups boolean: Set to true to indicate ignoring absence of group while provisioning
lastNotificationSentTime string: Records the notification timestamp for the IdP whose signing certificate is about to expire
logoutBinding string: HTTP binding to use for logout.
logoutEnabled boolean: Set to true to enable logout.
logoutRequestUrl string: Logout request URL
logoutResponseUrl string: Logout response URL
metadata string: Metadata
metas GetDomainsIdentityProviderMeta[]: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
nameIdFormat string: Default authentication request name ID format.
ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
partnerName string: Unique name of the trusted Identity Provider.
partnerProviderId string: Provider ID
requestedAuthenticationContexts string[]: SAML SP authentication type.
requireForceAuthn boolean: This SP requires requests SAML IdP to enforce re-authentication.
requiresEncryptedAssertion boolean: SAML SP must accept encrypted assertion only.
samlHoKrequired boolean: SAML SP HoK Enabled.
schemas string[]: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
serviceInstanceIdentifier string: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
shownOnLoginPage boolean: Set to true to indicate whether to show IdP in login page or not.
signatureHashAlgorithm string: Signature hash algorithm.
signingCertificate string: Signing certificate
succinctId string: Succinct ID
tags GetDomainsIdentityProviderTag[]: A list of tags on this resource.
tenancyOcid string: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
tenantProviderId string: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
type string: Identity Provider Type
urnietfparamsscimschemasoracleidcsextensionsocialIdentityProviders GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider[]: Social Identity Provider Extension Schema
urnietfparamsscimschemasoracleidcsextensionx509identityProviders GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider[]: X509 Identity Provider Extension Schema
userMappingMethod string: User mapping method.
userMappingStoreAttribute string: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
attributeSets string[]
attributes string
authorization string
resourceTypeSchemaVersion string

assertion_attribute str: Assertion attribute name.
authn_request_binding str: HTTP binding to use for authentication requests.
compartment_ocid str: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
correlation_policies Sequence[identity.GetDomainsIdentityProviderCorrelationPolicy]: Correlation policy
delete_in_progress bool: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
description str: Description
domain_ocid str: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
enabled bool: Set to true to indicate Partner enabled.
encryption_certificate str: Encryption certificate
external_id str: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
icon_url str: Identity Provider Icon URL.
id str: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
idcs_created_bies Sequence[identity.GetDomainsIdentityProviderIdcsCreatedBy]: The User or App who created the Resource
idcs_endpoint str
idcs_last_modified_bies Sequence[identity.GetDomainsIdentityProviderIdcsLastModifiedBy]: The User or App who modified the Resource
idcs_last_upgraded_in_release str: The release number when the resource was upgraded.
idcs_prevented_operations Sequence[str]: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
identity_provider_id str
idp_sso_url str: Identity Provider SSO URL
include_signing_cert_in_signature bool: Set to true to include the signing certificate in the signature.
jit_user_prov_assigned_groups Sequence[identity.GetDomainsIdentityProviderJitUserProvAssignedGroup]: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
jit_user_prov_attribute_update_enabled bool: Set to true to indicate JIT User Creation is enabled
jit_user_prov_attributes Sequence[identity.GetDomainsIdentityProviderJitUserProvAttribute]: Assertion To User Mapping
jit_user_prov_create_user_enabled bool: Set to true to indicate JIT User Creation is enabled
jit_user_prov_enabled bool: Set to true to indicate JIT User Provisioning is enabled
jit_user_prov_group_assertion_attribute_enabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
jit_user_prov_group_assignment_method str: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
jit_user_prov_group_mapping_mode str: Property to indicate the mode of group mapping
jit_user_prov_group_mappings Sequence[identity.GetDomainsIdentityProviderJitUserProvGroupMapping]: The list of mappings between the Identity Domain Group and the IDP group.
jit_user_prov_group_saml_attribute_name str: Name of the assertion attribute containing the users groups
jit_user_prov_group_static_list_enabled bool: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
jit_user_prov_ignore_error_on_absent_groups bool: Set to true to indicate ignoring absence of group while provisioning
last_notification_sent_time str: Records the notification timestamp for the IdP whose signing certificate is about to expire
logout_binding str: HTTP binding to use for logout.
logout_enabled bool: Set to true to enable logout.
logout_request_url str: Logout request URL
logout_response_url str: Logout response URL
metadata str: Metadata
metas Sequence[identity.GetDomainsIdentityProviderMeta]: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
name_id_format str: Default authentication request name ID format.
ocid str: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
partner_name str: Unique name of the trusted Identity Provider.
partner_provider_id str: Provider ID
requested_authentication_contexts Sequence[str]: SAML SP authentication type.
require_force_authn bool: This SP requires requests SAML IdP to enforce re-authentication.
requires_encrypted_assertion bool: SAML SP must accept encrypted assertion only.
saml_ho_krequired bool: SAML SP HoK Enabled.
schemas Sequence[str]: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
service_instance_identifier str: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
shown_on_login_page bool: Set to true to indicate whether to show IdP in login page or not.
signature_hash_algorithm str: Signature hash algorithm.
signing_certificate str: Signing certificate
succinct_id str: Succinct ID
tags Sequence[identity.GetDomainsIdentityProviderTag]: A list of tags on this resource.
tenancy_ocid str: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
tenant_provider_id str: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
type str: Identity Provider Type
urnietfparamsscimschemasoracleidcsextensionsocial_identity_providers Sequence[identity.GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider]: Social Identity Provider Extension Schema
urnietfparamsscimschemasoracleidcsextensionx509identity_providers Sequence[identity.GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider]: X509 Identity Provider Extension Schema
user_mapping_method str: User mapping method.
user_mapping_store_attribute str: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
attribute_sets Sequence[str]
attributes str
authorization str
resource_type_schema_version str

assertionAttribute String: Assertion attribute name.
authnRequestBinding String: HTTP binding to use for authentication requests.
compartmentOcid String: Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
correlationPolicies List<Property Map>: Correlation policy
deleteInProgress Boolean: A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
description String: Description
domainOcid String: Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
enabled Boolean: Set to true to indicate Partner enabled.
encryptionCertificate String: Encryption certificate
externalId String: An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
iconUrl String: Identity Provider Icon URL.
id String: Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
idcsCreatedBies List<Property Map>: The User or App who created the Resource
idcsEndpoint String
idcsLastModifiedBies List<Property Map>: The User or App who modified the Resource
idcsLastUpgradedInRelease String: The release number when the resource was upgraded.
idcsPreventedOperations List<String>: Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
identityProviderId String
idpSsoUrl String: Identity Provider SSO URL
includeSigningCertInSignature Boolean: Set to true to include the signing certificate in the signature.
jitUserProvAssignedGroups List<Property Map>: Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
jitUserProvAttributeUpdateEnabled Boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvAttributes List<Property Map>: Assertion To User Mapping
jitUserProvCreateUserEnabled Boolean: Set to true to indicate JIT User Creation is enabled
jitUserProvEnabled Boolean: Set to true to indicate JIT User Provisioning is enabled
jitUserProvGroupAssertionAttributeEnabled Boolean: Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
jitUserProvGroupAssignmentMethod String: The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
jitUserProvGroupMappingMode String: Property to indicate the mode of group mapping
jitUserProvGroupMappings List<Property Map>: The list of mappings between the Identity Domain Group and the IDP group.
jitUserProvGroupSamlAttributeName String: Name of the assertion attribute containing the users groups
jitUserProvGroupStaticListEnabled Boolean: Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
jitUserProvIgnoreErrorOnAbsentGroups Boolean: Set to true to indicate ignoring absence of group while provisioning
lastNotificationSentTime String: Records the notification timestamp for the IdP whose signing certificate is about to expire
logoutBinding String: HTTP binding to use for logout.
logoutEnabled Boolean: Set to true to enable logout.
logoutRequestUrl String: Logout request URL
logoutResponseUrl String: Logout response URL
metadata String: Metadata
metas List<Property Map>: A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
nameIdFormat String: Default authentication request name ID format.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
partnerName String: Unique name of the trusted Identity Provider.
partnerProviderId String: Provider ID
requestedAuthenticationContexts List<String>: SAML SP authentication type.
requireForceAuthn Boolean: This SP requires requests SAML IdP to enforce re-authentication.
requiresEncryptedAssertion Boolean: SAML SP must accept encrypted assertion only.
samlHoKrequired Boolean: SAML SP HoK Enabled.
schemas List<String>: REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
serviceInstanceIdentifier String: The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
shownOnLoginPage Boolean: Set to true to indicate whether to show IdP in login page or not.
signatureHashAlgorithm String: Signature hash algorithm.
signingCertificate String: Signing certificate
succinctId String: Succinct ID
tags List<Property Map>: A list of tags on this resource.
tenancyOcid String: Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
tenantProviderId String: The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
type String: Identity Provider Type
urnietfparamsscimschemasoracleidcsextensionsocialIdentityProviders List<Property Map>: Social Identity Provider Extension Schema
urnietfparamsscimschemasoracleidcsextensionx509identityProviders List<Property Map>: X509 Identity Provider Extension Schema
userMappingMethod String: User mapping method.
userMappingStoreAttribute String: This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
attributeSets List<String>
attributes String
authorization String
resourceTypeSchemaVersion String

Supporting Types

GetDomainsIdentityProviderCorrelationPolicy

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

display string: A human readable name, primarily used for display purposes. READ-ONLY.
ref string: Group URI
type string: Identity Provider Type
value string: Group identifier

display str: A human readable name, primarily used for display purposes. READ-ONLY.
ref str: Group URI
type str: Identity Provider Type
value str: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

GetDomainsIdentityProviderIdcsCreatedBy

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

display string: A human readable name, primarily used for display purposes. READ-ONLY.
ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref string: Group URI
type string: Identity Provider Type
value string: Group identifier

display str: A human readable name, primarily used for display purposes. READ-ONLY.
ocid str: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref str: Group URI
type str: Identity Provider Type
value str: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

GetDomainsIdentityProviderIdcsLastModifiedBy

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
Ref string: Group URI
Type string: Identity Provider Type
Value string: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

display string: A human readable name, primarily used for display purposes. READ-ONLY.
ocid string: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref string: Group URI
type string: Identity Provider Type
value string: Group identifier

display str: A human readable name, primarily used for display purposes. READ-ONLY.
ocid str: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref str: Group URI
type str: Identity Provider Type
value str: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ocid String: Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
ref String: Group URI
type String: Identity Provider Type
value String: Group identifier

GetDomainsIdentityProviderJitUserProvAssignedGroup

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Value string: Group identifier

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Value string: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
value String: Group identifier

display string: A human readable name, primarily used for display purposes. READ-ONLY.
ref string: Group URI
value string: Group identifier

display str: A human readable name, primarily used for display purposes. READ-ONLY.
ref str: Group URI
value str: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
value String: Group identifier

GetDomainsIdentityProviderJitUserProvAttribute

Ref string: Group URI
Value string: Group identifier

Ref string: Group URI
Value string: Group identifier

ref String: Group URI
value String: Group identifier

ref string: Group URI
value string: Group identifier

ref str: Group URI
value str: Group identifier

ref String: Group URI
value String: Group identifier

GetDomainsIdentityProviderJitUserProvGroupMapping

IdpGroup string: IDP Group Name
Ref string: Group URI
Value string: Group identifier

IdpGroup string: IDP Group Name
Ref string: Group URI
Value string: Group identifier

idpGroup String: IDP Group Name
ref String: Group URI
value String: Group identifier

idpGroup string: IDP Group Name
ref string: Group URI
value string: Group identifier

idp_group str: IDP Group Name
ref str: Group URI
value str: Group identifier

idpGroup String: IDP Group Name
ref String: Group URI
value String: Group identifier

GetDomainsIdentityProviderMeta

Created string: The DateTime the Resource was added to the Service Provider
LastModified string: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
Location string: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
ResourceType string: Name of the resource type of the resource--for example, Users or Groups
Version string: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

Created string: The DateTime the Resource was added to the Service Provider
LastModified string: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
Location string: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
ResourceType string: Name of the resource type of the resource--for example, Users or Groups
Version string: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

created String: The DateTime the Resource was added to the Service Provider
lastModified String: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
location String: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
resourceType String: Name of the resource type of the resource--for example, Users or Groups
version String: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

created string: The DateTime the Resource was added to the Service Provider
lastModified string: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
location string: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
resourceType string: Name of the resource type of the resource--for example, Users or Groups
version string: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

created str: The DateTime the Resource was added to the Service Provider
last_modified str: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
location str: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
resource_type str: Name of the resource type of the resource--for example, Users or Groups
version str: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

created String: The DateTime the Resource was added to the Service Provider
lastModified String: The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
location String: The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
resourceType String: Name of the resource type of the resource--for example, Users or Groups
version String: The version of the Resource being returned. This value must be the same as the ETag HTTP response header.

GetDomainsIdentityProviderTag

Key string: Key or name of the tag.
Value string: Group identifier

Key string: Key or name of the tag.
Value string: Group identifier

key String: Key or name of the tag.
value String: Group identifier

key string: Key or name of the tag.
value string: Group identifier

key str: Key or name of the tag.
value str: Group identifier

key String: Key or name of the tag.
value String: Group identifier

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider

AccessTokenUrl string: Social IDP Access token URL
AccountLinkingEnabled bool: Whether account linking is enabled
AdminScopes List<string>: Admin scope to request
AuthzUrl string: Social IDP Authorization URL
AutoRedirectEnabled bool: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
ClientCredentialInPayload bool: Whether the client credential is contained in payload
ClockSkewInSeconds int: Social IDP allowed clock skew time
ConsumerKey string: Social IDP Client Application Client ID
ConsumerSecret string: Social IDP Client Application Client Secret
DiscoveryUrl string: Discovery URL
IdAttribute string: Id attribute used for account linking
JitProvAssignedGroups List<GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup>: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
JitProvGroupStaticListEnabled bool: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
ProfileUrl string: Social IDP User profile URL
RedirectUrl string: redirect URL for social idp
RegistrationEnabled bool: Whether registration is enabled
Scopes List<string>: Scope to request
ServiceProviderName string: Service Provider Name
SocialJitProvisioningEnabled bool: Whether Social JIT Provisioning is enabled
Status string: Status

AccessTokenUrl string: Social IDP Access token URL
AccountLinkingEnabled bool: Whether account linking is enabled
AdminScopes []string: Admin scope to request
AuthzUrl string: Social IDP Authorization URL
AutoRedirectEnabled bool: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
ClientCredentialInPayload bool: Whether the client credential is contained in payload
ClockSkewInSeconds int: Social IDP allowed clock skew time
ConsumerKey string: Social IDP Client Application Client ID
ConsumerSecret string: Social IDP Client Application Client Secret
DiscoveryUrl string: Discovery URL
IdAttribute string: Id attribute used for account linking
JitProvAssignedGroups []GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
JitProvGroupStaticListEnabled bool: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
ProfileUrl string: Social IDP User profile URL
RedirectUrl string: redirect URL for social idp
RegistrationEnabled bool: Whether registration is enabled
Scopes []string: Scope to request
ServiceProviderName string: Service Provider Name
SocialJitProvisioningEnabled bool: Whether Social JIT Provisioning is enabled
Status string: Status

accessTokenUrl String: Social IDP Access token URL
accountLinkingEnabled Boolean: Whether account linking is enabled
adminScopes List<String>: Admin scope to request
authzUrl String: Social IDP Authorization URL
autoRedirectEnabled Boolean: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
clientCredentialInPayload Boolean: Whether the client credential is contained in payload
clockSkewInSeconds Integer: Social IDP allowed clock skew time
consumerKey String: Social IDP Client Application Client ID
consumerSecret String: Social IDP Client Application Client Secret
discoveryUrl String: Discovery URL
idAttribute String: Id attribute used for account linking
jitProvAssignedGroups List<GetDomainsProviderUrnietfparamsscimschemasoracleidcsextensionsocialProviderJitProvAssignedGroup>: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
jitProvGroupStaticListEnabled Boolean: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
profileUrl String: Social IDP User profile URL
redirectUrl String: redirect URL for social idp
registrationEnabled Boolean: Whether registration is enabled
scopes List<String>: Scope to request
serviceProviderName String: Service Provider Name
socialJitProvisioningEnabled Boolean: Whether Social JIT Provisioning is enabled
status String: Status

accessTokenUrl string: Social IDP Access token URL
accountLinkingEnabled boolean: Whether account linking is enabled
adminScopes string[]: Admin scope to request
authzUrl string: Social IDP Authorization URL
autoRedirectEnabled boolean: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
clientCredentialInPayload boolean: Whether the client credential is contained in payload
clockSkewInSeconds number: Social IDP allowed clock skew time
consumerKey string: Social IDP Client Application Client ID
consumerSecret string: Social IDP Client Application Client Secret
discoveryUrl string: Discovery URL
idAttribute string: Id attribute used for account linking
jitProvAssignedGroups GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup[]: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
jitProvGroupStaticListEnabled boolean: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
profileUrl string: Social IDP User profile URL
redirectUrl string: redirect URL for social idp
registrationEnabled boolean: Whether registration is enabled
scopes string[]: Scope to request
serviceProviderName string: Service Provider Name
socialJitProvisioningEnabled boolean: Whether Social JIT Provisioning is enabled
status string: Status

access_token_url str: Social IDP Access token URL
account_linking_enabled bool: Whether account linking is enabled
admin_scopes Sequence[str]: Admin scope to request
authz_url str: Social IDP Authorization URL
auto_redirect_enabled bool: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
client_credential_in_payload bool: Whether the client credential is contained in payload
clock_skew_in_seconds int: Social IDP allowed clock skew time
consumer_key str: Social IDP Client Application Client ID
consumer_secret str: Social IDP Client Application Client Secret
discovery_url str: Discovery URL
id_attribute str: Id attribute used for account linking
jit_prov_assigned_groups Sequence[identity.GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup]: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
jit_prov_group_static_list_enabled bool: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
profile_url str: Social IDP User profile URL
redirect_url str: redirect URL for social idp
registration_enabled bool: Whether registration is enabled
scopes Sequence[str]: Scope to request
service_provider_name str: Service Provider Name
social_jit_provisioning_enabled bool: Whether Social JIT Provisioning is enabled
status str: Status

accessTokenUrl String: Social IDP Access token URL
accountLinkingEnabled Boolean: Whether account linking is enabled
adminScopes List<String>: Admin scope to request
authzUrl String: Social IDP Authorization URL
autoRedirectEnabled Boolean: Whether social auto redirect is enabled. The IDP policy should be configured with only one Social IDP, and without username/password selected.
clientCredentialInPayload Boolean: Whether the client credential is contained in payload
clockSkewInSeconds Number: Social IDP allowed clock skew time
consumerKey String: Social IDP Client Application Client ID
consumerSecret String: Social IDP Client Application Client Secret
discoveryUrl String: Discovery URL
idAttribute String: Id attribute used for account linking
jitProvAssignedGroups List<Property Map>: Lists the groups each social JIT-provisioned user is a member. Just-in-Time user-provisioning applies this static list when jitProvGroupStaticListEnabled:true.
jitProvGroupStaticListEnabled Boolean: Set to true to indicate Social JIT User Provisioning Groups should be assigned from a static list
profileUrl String: Social IDP User profile URL
redirectUrl String: redirect URL for social idp
registrationEnabled Boolean: Whether registration is enabled
scopes List<String>: Scope to request
serviceProviderName String: Service Provider Name
socialJitProvisioningEnabled Boolean: Whether Social JIT Provisioning is enabled
status String: Status

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Value string: Group identifier

Display string: A human readable name, primarily used for display purposes. READ-ONLY.
Ref string: Group URI
Value string: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
value String: Group identifier

display string: A human readable name, primarily used for display purposes. READ-ONLY.
ref string: Group URI
value string: Group identifier

display str: A human readable name, primarily used for display purposes. READ-ONLY.
ref str: Group URI
value str: Group identifier

display String: A human readable name, primarily used for display purposes. READ-ONLY.
ref String: Group URI
value String: Group identifier

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider

CertMatchAttribute string: X509 Certificate Matching Attribute
CrlCheckOnOcspFailureEnabled bool: Fallback on CRL Validation if OCSP fails.
CrlEnabled bool: Set to true to enable CRL Validation
CrlLocation string: CRL Location URL
CrlReloadDuration int: Fetch the CRL contents every X minutes
EkuValidationEnabled bool: Set to true to enable EKU Validation
EkuValues List<string>: List of EKU which needs to be validated
OcspAllowUnknownResponseStatus bool: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
OcspEnableSignedResponse bool: Describes if the OCSP response is signed
OcspEnabled bool: Set to true to enable OCSP Validation
OcspResponderUrl string: This property specifies OCSP Responder URL.
OcspRevalidateTime int: Revalidate OCSP status for user after X hours
OcspServerName string: This property specifies the OCSP Server alias name
OcspTrustCertChains List<string>: OCSP Trusted Certificate Chain
OtherCertMatchAttribute string: Check for specific conditions of other certificate attributes
SigningCertificateChains List<string>: Certificate alias list to create a chain for the incoming client certificate
UserMatchAttribute string: This property specifies the userstore attribute value that must match the incoming certificate attribute.

CertMatchAttribute string: X509 Certificate Matching Attribute
CrlCheckOnOcspFailureEnabled bool: Fallback on CRL Validation if OCSP fails.
CrlEnabled bool: Set to true to enable CRL Validation
CrlLocation string: CRL Location URL
CrlReloadDuration int: Fetch the CRL contents every X minutes
EkuValidationEnabled bool: Set to true to enable EKU Validation
EkuValues []string: List of EKU which needs to be validated
OcspAllowUnknownResponseStatus bool: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
OcspEnableSignedResponse bool: Describes if the OCSP response is signed
OcspEnabled bool: Set to true to enable OCSP Validation
OcspResponderUrl string: This property specifies OCSP Responder URL.
OcspRevalidateTime int: Revalidate OCSP status for user after X hours
OcspServerName string: This property specifies the OCSP Server alias name
OcspTrustCertChains []string: OCSP Trusted Certificate Chain
OtherCertMatchAttribute string: Check for specific conditions of other certificate attributes
SigningCertificateChains []string: Certificate alias list to create a chain for the incoming client certificate
UserMatchAttribute string: This property specifies the userstore attribute value that must match the incoming certificate attribute.

certMatchAttribute String: X509 Certificate Matching Attribute
crlCheckOnOcspFailureEnabled Boolean: Fallback on CRL Validation if OCSP fails.
crlEnabled Boolean: Set to true to enable CRL Validation
crlLocation String: CRL Location URL
crlReloadDuration Integer: Fetch the CRL contents every X minutes
ekuValidationEnabled Boolean: Set to true to enable EKU Validation
ekuValues List<String>: List of EKU which needs to be validated
ocspAllowUnknownResponseStatus Boolean: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
ocspEnableSignedResponse Boolean: Describes if the OCSP response is signed
ocspEnabled Boolean: Set to true to enable OCSP Validation
ocspResponderUrl String: This property specifies OCSP Responder URL.
ocspRevalidateTime Integer: Revalidate OCSP status for user after X hours
ocspServerName String: This property specifies the OCSP Server alias name
ocspTrustCertChains List<String>: OCSP Trusted Certificate Chain
otherCertMatchAttribute String: Check for specific conditions of other certificate attributes
signingCertificateChains List<String>: Certificate alias list to create a chain for the incoming client certificate
userMatchAttribute String: This property specifies the userstore attribute value that must match the incoming certificate attribute.

certMatchAttribute string: X509 Certificate Matching Attribute
crlCheckOnOcspFailureEnabled boolean: Fallback on CRL Validation if OCSP fails.
crlEnabled boolean: Set to true to enable CRL Validation
crlLocation string: CRL Location URL
crlReloadDuration number: Fetch the CRL contents every X minutes
ekuValidationEnabled boolean: Set to true to enable EKU Validation
ekuValues string[]: List of EKU which needs to be validated
ocspAllowUnknownResponseStatus boolean: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
ocspEnableSignedResponse boolean: Describes if the OCSP response is signed
ocspEnabled boolean: Set to true to enable OCSP Validation
ocspResponderUrl string: This property specifies OCSP Responder URL.
ocspRevalidateTime number: Revalidate OCSP status for user after X hours
ocspServerName string: This property specifies the OCSP Server alias name
ocspTrustCertChains string[]: OCSP Trusted Certificate Chain
otherCertMatchAttribute string: Check for specific conditions of other certificate attributes
signingCertificateChains string[]: Certificate alias list to create a chain for the incoming client certificate
userMatchAttribute string: This property specifies the userstore attribute value that must match the incoming certificate attribute.

cert_match_attribute str: X509 Certificate Matching Attribute
crl_check_on_ocsp_failure_enabled bool: Fallback on CRL Validation if OCSP fails.
crl_enabled bool: Set to true to enable CRL Validation
crl_location str: CRL Location URL
crl_reload_duration int: Fetch the CRL contents every X minutes
eku_validation_enabled bool: Set to true to enable EKU Validation
eku_values Sequence[str]: List of EKU which needs to be validated
ocsp_allow_unknown_response_status bool: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
ocsp_enable_signed_response bool: Describes if the OCSP response is signed
ocsp_enabled bool: Set to true to enable OCSP Validation
ocsp_responder_url str: This property specifies OCSP Responder URL.
ocsp_revalidate_time int: Revalidate OCSP status for user after X hours
ocsp_server_name str: This property specifies the OCSP Server alias name
ocsp_trust_cert_chains Sequence[str]: OCSP Trusted Certificate Chain
other_cert_match_attribute str: Check for specific conditions of other certificate attributes
signing_certificate_chains Sequence[str]: Certificate alias list to create a chain for the incoming client certificate
user_match_attribute str: This property specifies the userstore attribute value that must match the incoming certificate attribute.

certMatchAttribute String: X509 Certificate Matching Attribute
crlCheckOnOcspFailureEnabled Boolean: Fallback on CRL Validation if OCSP fails.
crlEnabled Boolean: Set to true to enable CRL Validation
crlLocation String: CRL Location URL
crlReloadDuration Number: Fetch the CRL contents every X minutes
ekuValidationEnabled Boolean: Set to true to enable EKU Validation
ekuValues List<String>: List of EKU which needs to be validated
ocspAllowUnknownResponseStatus Boolean: Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
ocspEnableSignedResponse Boolean: Describes if the OCSP response is signed
ocspEnabled Boolean: Set to true to enable OCSP Validation
ocspResponderUrl String: This property specifies OCSP Responder URL.
ocspRevalidateTime Number: Revalidate OCSP status for user after X hours
ocspServerName String: This property specifies the OCSP Server alias name
ocspTrustCertChains List<String>: OCSP Trusted Certificate Chain
otherCertMatchAttribute String: Check for specific conditions of other certificate attributes
signingCertificateChains List<String>: Certificate alias list to create a chain for the incoming client certificate
userMatchAttribute String: This property specifies the userstore attribute value that must match the incoming certificate attribute.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

pulumi/pulumi-oci

oci.Identity.getDomainsIdentityProvider

On this page

On this page

Example Usage

Using getDomainsIdentityProvider

getDomainsIdentityProvider Result

Supporting Types

GetDomainsIdentityProviderCorrelationPolicy

GetDomainsIdentityProviderIdcsCreatedBy

GetDomainsIdentityProviderIdcsLastModifiedBy

GetDomainsIdentityProviderJitUserProvAssignedGroup

GetDomainsIdentityProviderJitUserProvAttribute

GetDomainsIdentityProviderJitUserProvGroupMapping

GetDomainsIdentityProviderMeta

GetDomainsIdentityProviderTag

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProviderJitProvAssignedGroup

GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider

Package Details

On this page

On this page