POST /v1/regions/global/iam/providers
Create identity provider
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({
    displayName: '<string>',
    tenantDomain: '<string>',
    oidcConfig: {
      discoveryUrl: 'https://customerA-idp.com/.well-known/openid-configuration',
      clientId: 'CLIENT_ID_FROM_CUSTOMER',
      clientSecret: 'CLIENT_SECRET_FROM_CUSTOMER'
    },
    orgId: '<string>',
    enabled: true
  })
};

fetch('https://api.k0rdent.ai/v1/regions/global/iam/providers', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));

{
  "uid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id": "provider-m5n6o7",
  "displayName": "Customer A OIDC",
  "enabled": true,
  "tenantDomain": "<string>",
  "oidcConfig": {
    "discoveryUrl": "https://customerA-idp.com/.well-known/openid-configuration",
    "clientId": "CLIENT_ID_FROM_CUSTOMER"
  },
  "createdAt": "2023-11-07T05:31:56Z",
  "selfLink": "/v1/regions/global/iam/providers/provider-m5n6o7",
  "updatedAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Bearer token authentication using OAuth2/OIDC tokens

Body

application/json
displayName
string
required

Human-readable display name for the identity provider.

Required string length: 1 - 255
tenantDomain
string
required

Tenant domain associated with the provider. Will be used as login hint for OIDC authentication flows.

oidcConfig
object
required

OIDC configuration details for onboarding the provider.

orgId
string

Organization identifier. Required when the provider is being created by an operator user to onboard a provider for a specific organization. If not specified, the provider will be onboarded for the current user's organization.

enabled
boolean
default:true

Enable or disable the provider

Response

Identity provider successfully created

External identity provider configuration. Supports only OIDC providers.

uid
string<uuid>
required

Server-generated UUID.

id
string
required

Name of the resource. Provided by the client when the resource is created, or generated by the server if not specified. Must be 1-63 characters long and match the pattern ^[a-z]([-a-z0-9]*[a-z0-9])?$, meaning the first character must be a lowercase letter, and all following characters must be lowercase letters, digits, or hyphens, with the last character being a letter or digit. Cannot be changed after the resource is created.

Required string length: 1 - 63
Pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
Example:

"provider-m5n6o7"

displayName
string
required

Human-readable display name for the identity provider.

Required string length: 1 - 255
Example:

"Customer A OIDC"

enabled
boolean
required

Provider enabled status

tenantDomain
string
required

Tenant domain associated with the provider. Will be used as login hint for OIDC authentication flows.

oidcConfig
object
required

OIDC configuration details for onboarding the provider.

createdAt
string<date-time>
required

Provider creation timestamp

selfLink
string

Server-defined URL for this resource.

Example:

"/v1/regions/global/iam/providers/provider-m5n6o7"

updatedAt
string<date-time>

Provider last update timestamp
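
Added example, not part of the original API reference: a client-side pre-flight check for the request body documented above, a log-safe copy that masks clientSecret, and a check that a create response matches the documented id pattern and does not echo the secret. The function names, the https-only rule for discoveryUrl, and treating clientId and clientSecret as required non-empty strings are assumptions drawn from the request sample.

```javascript
// Added example: field names and limits come from this page; the HTTPS rule,
// the non-empty checks and all function names are assumptions.
const ID_PATTERN = /^[a-z]([-a-z0-9]*[a-z0-9])?$/; // documented pattern for "id"
const isStr = (v) => typeof v === 'string';

function validateCreateProviderRequest(body) {
  const errors = [];
  if (!isStr(body.displayName) || body.displayName.length < 1 || body.displayName.length > 255)
    errors.push('displayName: required string, length 1-255');
  if (!isStr(body.tenantDomain) || body.tenantDomain.length === 0)
    errors.push('tenantDomain: required string');
  const oidc = body.oidcConfig;
  if (oidc === null || typeof oidc !== 'object') {
    errors.push('oidcConfig: required object');
  } else {
    let url = null;
    try { url = new URL(oidc.discoveryUrl); } catch { /* reported below */ }
    // Assumption: only accept https discovery documents.
    if (!url || url.protocol !== 'https:')
      errors.push('oidcConfig.discoveryUrl: must be an absolute https URL');
    for (const key of ['clientId', 'clientSecret'])
      if (!isStr(oidc[key]) || oidc[key].length === 0)
        errors.push(`oidcConfig.${key}: required string`);
  }
  if ('orgId' in body && !isStr(body.orgId)) errors.push('orgId: must be a string');
  if ('enabled' in body && typeof body.enabled !== 'boolean')
    errors.push('enabled: must be a boolean');
  return errors;
}

// Copy of the request that is safe to log: the client secret is masked.
function redactForLog(body) {
  const copy = JSON.parse(JSON.stringify(body));
  if (copy.oidcConfig && 'clientSecret' in copy.oidcConfig)
    copy.oidcConfig.clientSecret = '[REDACTED]';
  return copy;
}

// Response check: id matches the documented pattern and the secret is not
// echoed back (the sample response on this page omits clientSecret).
function checkProviderResponse(res) {
  const problems = [];
  if (!isStr(res.id) || res.id.length > 63 || !ID_PATTERN.test(res.id))
    problems.push('id does not match the documented pattern');
  if (res.oidcConfig && 'clientSecret' in res.oidcConfig)
    problems.push('response unexpectedly contains clientSecret');
  return problems;
}
```

Run validateCreateProviderRequest before the fetch call and log redactForLog(body) rather than the raw body, so the client secret never reaches application logs.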