Aritma IAM API (V1)

An API for interacting with the identity and access management system of Aritma.

Servers
Mock server: https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi
IAM API: https://api.dev.aritma.io/core/iam

Actions related to IAM actions

Actions related to clients in Aritma ID

Actions related to domains registered for the tenant, and their verification status

Actions listing information about the currently authenticated user

Actions related to IAM policies

Actions related to Aritma ID roles

Actions related to SCIM tokens

Actions related to scopes in Aritma ID

Actions common for all SSO providers

Actions relating to AzureAd as an SSO provider

Actions relating to custom SSO providers

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Body (application/json)

scheme (string, required): The scheme name for the provider.
displayName (string, required): The display name of the provider.
enabled (boolean, required): Whether or not the provider is enabled.
type (string, required): The type of identity provider. Value: "oidc"
properties (object, required): The properties that define the behavior of this provider; they depend on which provider is used. See the JSON schemas for more details.

  loginEnabled (boolean, required): Whether users can log in via this provider. Example: true
  visible (boolean, required): Whether this provider is shown on the login page. Example: true
  delegationEnabled (boolean, required): Whether delegation is permitted via this provider. Example: false
  autoProvisioningEnabled (boolean, required): Whether users are automatically provisioned on first login via this provider. Example: true
  clientId (string, required): The OAuth 2.0 client ID registered with the identity provider. Example: "my-client-id"
  clientSecret (string or null): The OAuth 2.0 client secret. Leave null for public clients using PKCE. Example: "my-client-secret"
  verifyEnabled (boolean, required): Whether this provider can be used to verify the user in a higher level of assurance. Example: false
  responseType (string, required): The OAuth 2.0 response type to request from the provider. Enum: "id_token", "code", "token", "none". Example: "code"
  nameClaimType (string, required): The claim type used to extract the user's name. Example: "name"
  emailClaimType (string, required): The claim type used to extract the user's email. Example: "email"
  phoneNumberClaimType (string, required): The claim type used to extract the user's phone number. Example: "phone"
  subjectClaimType (string, required): The claim type used as the subject identifier. Example: "sub"
  authority (string, required): The OIDC authority URL of the custom provider. Example: "https://your-idp.example.com"
  scope (string, required): The OAuth 2.0 scopes to request (space-separated). Example: "openid profile email"
  getClaimsFromUserInfoEndpoint (boolean, required): Whether to fetch additional claims from the userinfo endpoint after authentication. Example: false
  usePkce (boolean, required): Whether to use PKCE for the authorization code flow. Example: false

application/json
{ "scheme": "string", "displayName": "string", "enabled": true, "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "verifyEnabled": false, "responseType": "code", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "sub", "authority": "https://your-idp.example.com", "scope": "openid profile email", "getClaimsFromUserInfoEndpoint": false, "usePkce": false } }
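
An added example, not part of the Aritma documentation: a pre-flight check that a reviewer could run over a custom OIDC provider request body before it is submitted. The function names, finding codes and the two variant payloads are assumptions made for this example; only the field names and sample values come from the schema above.

```python
from urllib.parse import urlsplit

# Security-relevant fields of the page's sample request body, values unchanged.
PAGE_SAMPLE = {"scheme": "string", "type": "oidc", "properties": {
    "clientId": "my-client-id", "clientSecret": "my-client-secret",
    "responseType": "code", "authority": "https://your-idp.example.com",
    "scope": "openid profile email", "usePkce": False}}

def audit_provider(payload):
    """Return (code, message) findings for one custom OIDC provider payload."""
    p = payload.get("properties") or {}
    out = []
    url = urlsplit(p.get("authority") or "")
    if url.scheme != "https" or not url.hostname:
        out.append(("AUTHORITY_NOT_HTTPS", "authority must be an https:// URL"))
    rt, pkce, secret = p.get("responseType"), bool(p.get("usePkce")), p.get("clientSecret")
    if rt in ("id_token", "token"):
        out.append(("IMPLICIT_FLOW", "tokens come back in the browser redirect; use 'code'"))
    elif rt == "none":
        out.append(("NO_CODE_OR_TOKEN", "response type 'none' returns no code or token"))
    elif rt == "code" and not pkce:
        out.append(("CODE_WITHOUT_PKCE", "set usePkce to true for the authorization code flow"))
    if secret is None and not pkce:
        out.append(("PUBLIC_CLIENT_WITHOUT_PKCE", "null clientSecret is documented for PKCE clients"))
    if secret == "my-client-secret":
        out.append(("PLACEHOLDER_SECRET", "documentation placeholder left in clientSecret"))
    if "openid" not in (p.get("scope") or "").split():
        out.append(("SCOPE_MISSING_OPENID", "OIDC requests need the 'openid' scope"))
    return out

def codes(payload):
    """Finding codes only, in the order the checks run."""
    return [code for code, _ in audit_provider(payload)]

def with_properties(payload, **changes):
    """Copy a payload with some properties overridden (for constructed variants)."""
    return {**payload, "properties": {**payload["properties"], **changes}}

# Constructed variants: a hardened public client and a deliberately weak one.
HARDENED = with_properties(PAGE_SAMPLE, usePkce=True, clientSecret=None)
WEAK = with_properties(PAGE_SAMPLE, responseType="token", clientSecret=None,
                       authority="http://idp.example.com", scope="profile email")

if __name__ == "__main__":
    for name, cfg in (("page sample", PAGE_SAMPLE), ("hardened", HARDENED), ("weak", WEAK)):
        print(name, codes(cfg))
```

Run against the page's own sample values, the check reports the disabled PKCE setting and the placeholder secret; the hardened variant reports nothing.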

Responses

Created

Body (application/json): Array [
rel (string, required): The link relation type (e.g. self, update, delete). Example: "self"
href (string or null): The URL of the related action. Example: "/v0/sso/custom/1"
method (object, required): The HTTP method to use when calling this link. Example: "GET"
  method (string, required)
]
Response
application/json
[ { "rel": "self", "href": "/v0/sso/custom/1", "method": "GET" } ]

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Path
id (integer(int32), required): The identifier of the SSO provider to delete.

No request payload

Responses

OK

Response
No content

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Path
id (integer(int32), required)

No request payload

Responses

OK

Body (application/json)

id (integer(int32), required): The internal identifier of the identity provider. Example: 1
scheme (string, required): The unique authentication scheme name used to identify this provider. Example: "azure-ad"
displayName (string, required): The human-readable name shown to users on the login page. Example: "Our Azure AD"
enabled (boolean, required): Indicates whether this provider is currently active and available for login. Example: true
providerName (string, required): The provider type name (e.g. Azure, Google, Signicat, Custom). Example: "Azure"
type (string, required): The protocol type of the provider (e.g. oidc, saml2p). Example: "oidc"
properties (object, required): Provider-specific configuration properties.

  loginEnabled (boolean, required): Whether users can log in via this provider. Example: true
  visible (boolean, required): Whether this provider is shown on the login page. Example: true
  delegationEnabled (boolean, required): Whether delegation is permitted via this provider. Example: false
  autoProvisioningEnabled (boolean, required): Whether users are automatically provisioned on first login via this provider. Example: true
  clientId (string, required): The OAuth 2.0 client ID registered with the identity provider. Example: "my-client-id"
  clientSecret (string or null): The OAuth 2.0 client secret. Leave null for public clients using PKCE. Example: "my-client-secret"
  verifyEnabled (boolean, required): Whether this provider can be used to verify the user in a higher level of assurance. Example: false
  responseType (string, required): The OAuth 2.0 response type to request from the provider. Enum: "id_token", "code", "token", "none". Example: "code"
  nameClaimType (string, required): The claim type used to extract the user's name. Example: "name"
  emailClaimType (string, required): The claim type used to extract the user's email. Example: "email"
  phoneNumberClaimType (string, required): The claim type used to extract the user's phone number. Example: "phone"
  subjectClaimType (string, required): The claim type used as the subject identifier. Example: "sub"
  authority (string, required): The OIDC authority URL of the custom provider. Example: "https://your-idp.example.com"
  scope (string, required): The OAuth 2.0 scopes to request (space-separated). Example: "openid profile email"
  getClaimsFromUserInfoEndpoint (boolean, required): Whether to fetch additional claims from the userinfo endpoint after authentication. Example: false
  usePkce (boolean, required): Whether to use PKCE for the authorization code flow. Example: false

Response
application/json
{ "id": 1, "scheme": "azure-ad", "displayName": "Our Azure AD", "enabled": true, "providerName": "Azure", "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "verifyEnabled": false, "responseType": "code", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "sub", "authority": "https://your-idp.example.com", "scope": "openid profile email", "getClaimsFromUserInfoEndpoint": false, "usePkce": false } }

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Path
id (integer(int32), required)

Body (application/json)

id (integer(int32), required): The id of the identity provider.
scheme (string, required): The scheme name for the provider.
displayName (string, required): The display name of the provider.
enabled (boolean, required): Whether or not the provider is enabled.
type (string, required): The type of identity provider. Value: "oidc"
properties (object, required): The properties that define the behavior of this provider; they depend on which provider is used. See the JSON schemas for more details.

  loginEnabled (boolean, required): Whether users can log in via this provider. Example: true
  visible (boolean, required): Whether this provider is shown on the login page. Example: true
  delegationEnabled (boolean, required): Whether delegation is permitted via this provider. Example: false
  autoProvisioningEnabled (boolean, required): Whether users are automatically provisioned on first login via this provider. Example: true
  clientId (string, required): The OAuth 2.0 client ID registered with the identity provider. Example: "my-client-id"
  clientSecret (string or null): The OAuth 2.0 client secret. Leave null for public clients using PKCE. Example: "my-client-secret"
  verifyEnabled (boolean, required): Whether this provider can be used to verify the user in a higher level of assurance. Example: false
  responseType (string, required): The OAuth 2.0 response type to request from the provider. Enum: "id_token", "code", "token", "none". Example: "code"
  nameClaimType (string, required): The claim type used to extract the user's name. Example: "name"
  emailClaimType (string, required): The claim type used to extract the user's email. Example: "email"
  phoneNumberClaimType (string, required): The claim type used to extract the user's phone number. Example: "phone"
  subjectClaimType (string, required): The claim type used as the subject identifier. Example: "sub"
  authority (string, required): The OIDC authority URL of the custom provider. Example: "https://your-idp.example.com"
  scope (string, required): The OAuth 2.0 scopes to request (space-separated). Example: "openid profile email"
  getClaimsFromUserInfoEndpoint (boolean, required): Whether to fetch additional claims from the userinfo endpoint after authentication. Example: false
  usePkce (boolean, required): Whether to use PKCE for the authorization code flow. Example: false

application/json
{ "id": 0, "scheme": "string", "displayName": "string", "enabled": true, "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "verifyEnabled": false, "responseType": "code", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "sub", "authority": "https://your-idp.example.com", "scope": "openid profile email", "getClaimsFromUserInfoEndpoint": false, "usePkce": false } }

Responses

OK

Response
No content

Updates the icon for a custom SSO provider

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Path
id (string, required): The identifier of the custom SSO provider.

Body
icon (string(binary), required): The icon to add to the custom SSO provider.

{
  "icon": "string"
}

Responses

OK

Response
No content

Removes the icon from a custom SSO provider

Request

Security
authorization_code_with_pkce (required scopes: services.iam) or client_credentials (required scopes: services.iam)

Path
id (integer(int32), required): The identifier of the custom SSO provider.

No request payload

Responses

OK

Response
No content

Actions relating to Google as an SSO provider

Actions relating to Signicat as an SSO provider

Actions related to IAM subjects

Actions related to Aritma ID users