Skip to content
API Reference
/
/
Creates a new SSO provide...

Aritma IAM API (V1)

An API for interacting with the identity and access management system of Aritma.

Download OpenAPI description
iam-openapi.json
iam-openapi.yaml
Overview
URL
https://aritma.com/contact
Languages
Servers
Mock server
https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi
IAM API
https://api.dev.aritma.io/core/iam

Actions

Actions related to IAM actions

Operations

Client

Actions related to clients in Aritma ID

Operations

Domains

Actions related to domains registered for the tenant, and their verification status

Operations

Me

Actions listing information about the currently authenticated user

Operations

Policies

Actions related to IAM policies

Operations

Role

Actions related to Aritma ID roles

Operations

Scim

Actions related to SCIM tokens

Operations

Scope

Actions related to scopes in Aritma ID

Operations

SSO

Actions common for all SSO providers

Operations

SSO - Azure AD (Entra ID)

Actions relating to AzureAd as an SSO provider

Operations

SSO - Custom Providers

Actions relating to custom SSO providers

Operations

Creates a new SSO provider

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Bodyapplication/json
schemestringrequired

The scheme name for the provider

displayNamestringrequired

The display name of the provider

enabledbooleanrequired

Whether or not the provider is enabled

typestringrequired

The type of identityprovider

Value"oidc"
propertiesobjectrequired

The properties that defines the behavior of this provider, dependent on which provider that is used, see json schemas for more details

loginEnabledbooleanrequired

Whether users can log in via this provider.

Example: true
visiblebooleanrequired

Whether this provider is shown on the login page.

Example: true
delegationEnabledbooleanrequired

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabledbooleanrequired

Whether users are automatically provisioned on first login via this provider.

Example: true
clientIdstringrequired

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecretstring or null

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
verifyEnabledbooleanrequired

Whether this provider can be used to verify the user in a higher level of assurance.

Example: false
responseTypestringrequired

The OAuth 2.0 response type to request from the provider.

Enum"id_token""code""token""none"
Example: "code"
nameClaimTypestringrequired

The claim type used to extract the user's name.

Example: "name"
emailClaimTypestringrequired

The claim type used to extract the user's email.

Example: "email"
phoneNumberClaimTypestringrequired

The claim type used to extract the user's phone number.

Example: "phone"
subjectClaimTypestringrequired

The claim type used as the subject identifier.

Example: "sub"
authoritystringrequired

The OIDC authority URL of the custom provider.

Example: "https://your-idp.example.com"
scopestringrequired

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
getClaimsFromUserInfoEndpointbooleanrequired

Whether to fetch additional claims from the userinfo endpoint after authentication.

Example: false
usePkcebooleanrequired

Whether to use PKCE for the authorization code flow.

Example: false
application/json
{
  "scheme": "string",
  "displayName": "string",
  "enabled": true,
  "type": "oidc",
  "properties": {
    "loginEnabled": true,
    "visible": true,
    "delegationEnabled": false,
    "autoProvisioningEnabled": true,
    "clientId": "my-client-id",
    "clientSecret": "my-client-secret",
    "verifyEnabled": false,
    "responseType": "code",
    "nameClaimType": "name",
    "emailClaimType": "email",
    "phoneNumberClaimType": "phone",
    "subjectClaimType": "sub",
    "authority": "https://your-idp.example.com",
    "scope": "openid profile email",
    "getClaimsFromUserInfoEndpoint": false,
    "usePkce": false
  }
}

Responses

Created

Bodyapplication/jsonArray [
relstringrequired

The link relation type (e.g. self, update, delete).

Example: "self"
hrefstring or null

The URL of the related action.

Example: "/v0/sso/custom/1"
methodobjectrequired

The HTTP method to use when calling this link.

Example: "GET"
methodstringrequired
]
Response
application/json
[
  {
    "rel": "self",
    "href": "/v0/sso/custom/1",
    "method": "GET"
  }
]

Deletes an SSO provider by id

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
idinteger(int32)required

The identifier of the SSO provider to delete.

No request payload

Responses

OK

Response
No content

Gets an SSO provider by id

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
idinteger(int32)required
No request payload

Responses

OK

Bodyapplication/json
idinteger(int32)required

The internal identifier of the identity provider.

Example: 1
schemestringrequired

The unique authentication scheme name used to identify this provider.

Example: "azure-ad"
displayNamestringrequired

The human-readable name shown to users on the login page.

Example: "Our Azure AD"
enabledbooleanrequired

Indicates whether this provider is currently active and available for login.

Example: true
providerNamestringrequired

The provider type name (e.g. Azure, Google, Signicat, Custom).

Example: "Azure"
typestringrequired

The protocol type of the provider (e.g. oidc, saml2p).

Example: "oidc"
propertiesobjectrequired

Provider-specific configuration properties.

loginEnabledbooleanrequired

Whether users can log in via this provider.

Example: true
visiblebooleanrequired

Whether this provider is shown on the login page.

Example: true
delegationEnabledbooleanrequired

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabledbooleanrequired

Whether users are automatically provisioned on first login via this provider.

Example: true
clientIdstringrequired

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecretstring or null

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
verifyEnabledbooleanrequired

Whether this provider can be used to verify the user in a higher level of assurance.

Example: false
responseTypestringrequired

The OAuth 2.0 response type to request from the provider.

Enum"id_token""code""token""none"
Example: "code"
nameClaimTypestringrequired

The claim type used to extract the user's name.

Example: "name"
emailClaimTypestringrequired

The claim type used to extract the user's email.

Example: "email"
phoneNumberClaimTypestringrequired

The claim type used to extract the user's phone number.

Example: "phone"
subjectClaimTypestringrequired

The claim type used as the subject identifier.

Example: "sub"
authoritystringrequired

The OIDC authority URL of the custom provider.

Example: "https://your-idp.example.com"
scopestringrequired

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
getClaimsFromUserInfoEndpointbooleanrequired

Whether to fetch additional claims from the userinfo endpoint after authentication.

Example: false
usePkcebooleanrequired

Whether to use PKCE for the authorization code flow.

Example: false
Response
application/json
{
  "id": 1,
  "scheme": "azure-ad",
  "displayName": "Our Azure AD",
  "enabled": true,
  "providerName": "Azure",
  "type": "oidc",
  "properties": {
    "loginEnabled": true,
    "visible": true,
    "delegationEnabled": false,
    "autoProvisioningEnabled": true,
    "clientId": "my-client-id",
    "clientSecret": "my-client-secret",
    "verifyEnabled": false,
    "responseType": "code",
    "nameClaimType": "name",
    "emailClaimType": "email",
    "phoneNumberClaimType": "phone",
    "subjectClaimType": "sub",
    "authority": "https://your-idp.example.com",
    "scope": "openid profile email",
    "getClaimsFromUserInfoEndpoint": false,
    "usePkce": false
  }
}

Updates an SSO provider

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
idinteger(int32)required
Bodyapplication/json
idinteger(int32)required

The id of the identityprovider

schemestringrequired

The scheme name for the provider

displayNamestringrequired

The display name of the provider

enabledbooleanrequired

Whether or not the provider is enabled

typestringrequired

The type of identityprovider

Value"oidc"
propertiesobjectrequired

The properties that defines the behavior of this provider, dependent on which provider that is used, see json schemas for more details

loginEnabledbooleanrequired

Whether users can log in via this provider.

Example: true
visiblebooleanrequired

Whether this provider is shown on the login page.

Example: true
delegationEnabledbooleanrequired

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabledbooleanrequired

Whether users are automatically provisioned on first login via this provider.

Example: true
clientIdstringrequired

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecretstring or null

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
verifyEnabledbooleanrequired

Whether this provider can be used to verify the user in a higher level of assurance.

Example: false
responseTypestringrequired

The OAuth 2.0 response type to request from the provider.

Enum"id_token""code""token""none"
Example: "code"
nameClaimTypestringrequired

The claim type used to extract the user's name.

Example: "name"
emailClaimTypestringrequired

The claim type used to extract the user's email.

Example: "email"
phoneNumberClaimTypestringrequired

The claim type used to extract the user's phone number.

Example: "phone"
subjectClaimTypestringrequired

The claim type used as the subject identifier.

Example: "sub"
authoritystringrequired

The OIDC authority URL of the custom provider.

Example: "https://your-idp.example.com"
scopestringrequired

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
getClaimsFromUserInfoEndpointbooleanrequired

Whether to fetch additional claims from the userinfo endpoint after authentication.

Example: false
usePkcebooleanrequired

Whether to use PKCE for the authorization code flow.

Example: false
application/json
{
  "id": 0,
  "scheme": "string",
  "displayName": "string",
  "enabled": true,
  "type": "oidc",
  "properties": {
    "loginEnabled": true,
    "visible": true,
    "delegationEnabled": false,
    "autoProvisioningEnabled": true,
    "clientId": "my-client-id",
    "clientSecret": "my-client-secret",
    "verifyEnabled": false,
    "responseType": "code",
    "nameClaimType": "name",
    "emailClaimType": "email",
    "phoneNumberClaimType": "phone",
    "subjectClaimType": "sub",
    "authority": "https://your-idp.example.com",
    "scope": "openid profile email",
    "getClaimsFromUserInfoEndpoint": false,
    "usePkce": false
  }
}

Responses

OK

Response
No content

Updates the icon for a custom SSO provider

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
idstringrequired

The identifier of the custom SSO provider.

Body
iconstring(binary)required

The icon to add to the custom SSO provider.

{
  "icon": "string"
}

Responses

OK

Response
No content

Removes the icon from a custom SSO provider

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
idinteger(int32)required

The identifier of the custom SSO provider.

No request payload

Responses

OK

Response
No content

SSO - Google

Actions relating to Google as an SSO provider

Operations

SSO - Signicat

Actions relating to Signicat as an SSO provider

Operations

Subjects

Actions related to IAM subjects

Operations

User

Actions related to Aritma ID users

Operations