Manage Workload Identity Providers
These APIs allow you to manage workload identity providers. This includes operations such as retrieving information and details of all workload identity providers, creating new workload identity providers or updating them, creating SCIM tokens, etc.
Workload Identity Provider APIs
1. Create a Workload Identity Provider
The POST method creates a new workload identity provider.
POST | {{url}}/api/workload/identity-providers |
Request Example
curl --location --request POST '{{url}}/api/workload/identity-providers' \
--header 'Authorization: TOKEN {{apiToken}}' \
--data-raw '{
"idpType": "AWS",
"id": 16,
"name": "AWS STS",
"description": "Get caller identity",
"attributesMap": [
{
"idpAttr": "UserId",
"userAttr": "ns9p06xsanb66e1opszl"
}
],
"validationWindow": 99999,
"maxDuration": 5
}'
Response Example
Status: 200 OK |
{
"idpType": "AWS",
"id": 16,
"name": "AWS STS",
"description": "Get caller identity",
"attributesMap": [
{
"idpAttr": "UserId",
"userAttr": "ns9p06xsanb66e1opszl"
}
],
"validationWindow": 99999,
"maxDuration": 5
}
2. Get Workload Identity Provider Details
The GET method returns the details of the workload identity provider.
GET | {{url}}/api/workload/identity-providers |
Optional query parameters for this request are type and name. When name is supplied, the GET method returns the details of the single identity provider with that name, using the value of the name query parameter as the lookup key. The type parameter accepts the values AWS, OIDC or SCIM.
GET | {{url}}/api/workload/identity-providers?name={{idpName}} |
Request Example
curl --location --request GET '{{url}}/api/workload/identity-providers' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
An example response of the GET request for retrieving the details of identity providers is shown here.
Status: 200 OK |
{
"idpType": "AWS",
"id": 16,
"name": "AWS STS",
"description": "Get caller identity",
"attributesMap": [
{
"idpAttr": "UserId",
"userAttr": "ns9p06xsanb66e1opszl"
}
],
"validationWindow": 99999,
"maxDuration": 5
}
3. Update Workload Identity Provider
The PUT method updates an identity provider in the system.
PUT | {{url}}/api/workload/identity-providers |
Request Example
curl --location --request PUT '{{url}}/api/workload/identity-providers' \
--header 'Authorization: TOKEN {{apiToken}}' \
--data-raw '{
"id": 0,
"name": "string",
"description": "string",
"attributesMap": [
{
"idpAttr": "string",
"userAttr": "string"
}
],
"validationWindow": 30
}'
Response Example
Status: 200 OK |
{
"idpType": "AWS",
"id": 16,
"name": "AWS STS",
"description": "Get caller identity",
"attributesMap": [
{
"idpAttr": "UserId",
"userAttr": "ns9p06xsanb66e1opszl"
}
],
"validationWindow": 99999,
"maxDuration": 5
}
4. Get Workload Identity Provider Details by ID
The GET method retrieves the details of the workload identity provider identified by idpId.
GET | {{url}}/api/workload/identity-providers/{{idpId}} |
Request Example
curl --location --request GET '{{url}}/api/workload/identity-providers/{{idpId}}' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
Status: 200 OK |
{
"idpType": "AWS",
"id": 16,
"name": "AWS STS",
"description": "Get caller identity",
"attributesMap": [
{
"idpAttr": "UserId",
"userAttr": "ns9p06xsanb66e1opszl"
}
],
"validationWindow": 99999,
"maxDuration": 5
}
5. Delete an Identity Provider
The DELETE method deletes the identity provider identified by idpId. This is an irreversible operation: service identities that authenticate through that identity provider lose access to the system.
DELETE | {{url}}/api/workload/identity-providers/{{idpId}} |
Request Example
curl --location --request DELETE '{{url}}/api/workload/identity-providers/{{idpId}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
Status: 200 OK |
Workload User Identity Provider APIs
These APIs manage service identity association to an identity provider.
1. Get Service Identity's Identity Provider
The GET method returns the service identity's identity provider for authentication.
GET | {{url}}/api/workload/users/{{targetUserId}}/identity-provider |
Request Example
curl --location --request GET '{{url}}/api/workload/users/{{targetUserId}}/identity-provider' \
--header 'Content-Type: application/json' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
Status: 200 OK |
{
"idp": {
"id": 0,
"name": "string",
"description": "string",
"attributesMap": [
{
"idpAttr": "string",
"userAttr": "string"
}
],
"validationWindow": 30
},
"tokenDuration": 300,
"mappingAttributes": [
{
"attrId": "string",
"values": [
"string"
]
}
]
}
2. Specify Service Identity's Authenticating Identity Provider
The POST method assigns the identity provider that the service identity authenticates with.
POST | {{url}}/api/workload/users/{{targetUserId}}/identity-provider |
The request parameters used in this method are shown in the following table:
Parameter | Description | Data Type | Required |
targetUserId | The random 20 alphanumeric string id of the service identity user. | string | Mandatory |
Request Example
curl --location --request POST '{{url}}/api/workload/users/{{targetUserId}}/identity-provider' \
--header 'Content-Type: application/json' \
--header 'Authorization: TOKEN {{apiToken}}' \
--data-raw '{
"idpId": 0,
"tokenDuration": 300,
"mappingAttributes": [
{
"attrId": "string",
"values": [
"string"
]
}
]
}'
Response Example
Status: 200 OK |
{
"idp": {
"id": 0,
"name": "string",
"description": "string",
"attributesMap": [
{
"idpAttr": "string",
"userAttr": "string"
}
],
"validationWindow": 30
},
"tokenDuration": 300,
"mappingAttributes": [
{
"attrId": "string",
"values": [
"string"
]
}
]
}
3. Delete Service Identity's Assigned Identity Provider for Authentication
The DELETE method removes the service identity's identity provider assignment, reverting the service identity to authentication with a static API token.
DELETE | {{url}}/api/workload/users/{{targetUserId}}/identity-provider |
Request Example
curl --location --request DELETE '{{url}}/api/workload/users/{{targetUserId}}/identity-provider' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
Status: 200 OK |
Workload SCIM User Identity Provider APIs
These APIs manage service identity association to SCIM provisioning for the identity provider.
1. Designate User to Authenticate as for SCIM Provisioning
The POST method designates the user that an identity provider's SCIM provisioning authenticates as.
POST | {{url}}/api/workload/scim-user/identity-provider |
Request Example
curl --location --request POST '{{url}}/api/workload/scim-user/identity-provider' \
--header 'Authorization: TOKEN {{apiToken}}' \
--data-raw '[
{
"idpName": "string",
"userId": "string",
"username": "string"
}
]'
Response Example
Status: 200 OK |
{
"idpName": "string",
"userId": "string",
"username": "string"
}
2. Get Identity Provider's SCIM Provisioning Assigned Service Identity
The GET method retrieves the service identity assigned to the identity provider's SCIM provisioning.
GET | {{url}}/api/workload/scim-user/identity-provider/{{idpName}} |
Request Example
curl --location --request GET '{{url}}/api/workload/scim-user/identity-provider/{{idpName}}' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
Status: 200 OK |
{
"idpName": "string",
"userId": "string",
"username": "string"
}
3. Delete User SCIM Identity Provider Association
DELETE | {{url}}/api/workload/scim-user/identity-provider/{{idpName}} |
Request Parameters
Parameter | Description |
idpName | Name of the identity provider. |
Request Example
curl --location --request DELETE '{{url}}/api/workload/scim-user/identity-provider/{{idpName}}' \
--header 'Authorization: TOKEN {{apiToken}}'
Response Example
This request does not return a response body.
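The following Python client is an added example and is not part of this documentation or the product's own SDK. It wraps the endpoints described on this page (provider create, get and delete; the service identity assignment; the SCIM user designation), validates request bodies against the shapes shown above before sending them, and adds a defender-side audit of a provider record. The HTTP transport is injected so the example runs offline against the page's sample response; the base URL https://example.invalid, the REDACTED token, the MAX_VALIDATION_WINDOW threshold and the audit rules are assumptions of the example, not values defined by the API.

```python
import json
import re
from typing import Callable, Dict, List, Optional, Tuple

# Transport signature: (method, url, headers, body) -> (http_status, response_text).
# Injected so the example runs offline; in real use wrap your HTTP library here.
Transport = Callable[[str, str, Dict[str, str], Optional[str]], Tuple[int, str]]

ALLOWED_IDP_TYPES = {"AWS", "OIDC", "SCIM"}      # the documented 'type' values
USER_ID_RE = re.compile(r"^[A-Za-z0-9]{20}$")     # documented targetUserId format
MAX_VALIDATION_WINDOW = 900                       # assumed audit threshold, not an API value


class WorkloadIdpClient:
    def __init__(self, base_url: str, api_token: str, transport: Transport) -> None:
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        # The API authenticates with the documented 'Authorization: TOKEN <apiToken>' header.
        self.headers = {"Authorization": f"TOKEN {api_token}",
                        "Content-Type": "application/json"}

    def _call(self, method: str, path: str, body=None):
        payload = json.dumps(body) if body is not None else None
        status, text = self.transport(method, self.base_url + path, self.headers, payload)
        if status != 200:  # every documented success response is 200 OK
            raise RuntimeError(f"{method} {path} returned HTTP {status}")
        return json.loads(text) if text else None

    def create_identity_provider(self, provider: dict) -> dict:
        validate_provider(provider)  # reject malformed input before it leaves the client
        return self._call("POST", "/api/workload/identity-providers", provider)

    def get_identity_provider(self, idp_id: int) -> dict:
        # int() keeps only a numeric id in the path, never arbitrary caller text.
        return self._call("GET", f"/api/workload/identity-providers/{int(idp_id)}")

    def delete_identity_provider(self, idp_id: int) -> None:
        self._call("DELETE", f"/api/workload/identity-providers/{int(idp_id)}")

    def assign_user_identity_provider(self, target_user_id: str, idp_id: int,
                                      token_duration: int, mapping_attributes: list) -> dict:
        if not USER_ID_RE.match(target_user_id):
            raise ValueError("targetUserId must be a 20-character alphanumeric id")
        body = {"idpId": idp_id, "tokenDuration": token_duration,
                "mappingAttributes": mapping_attributes}
        return self._call("POST", f"/api/workload/users/{target_user_id}/identity-provider", body)

    def designate_scim_user(self, idp_name: str, user_id: str, username: str) -> dict:
        # The SCIM endpoint takes a list of assignments in the request body.
        body = [{"idpName": idp_name, "userId": user_id, "username": username}]
        return self._call("POST", "/api/workload/scim-user/identity-provider", body)


def validate_provider(provider: dict) -> None:
    """Check a create payload against the shape shown in the documentation."""
    if provider.get("idpType") not in ALLOWED_IDP_TYPES:
        raise ValueError("idpType must be one of " + ", ".join(sorted(ALLOWED_IDP_TYPES)))
    for key in ("name", "attributesMap", "validationWindow"):
        if key not in provider:
            raise ValueError(f"missing required field {key!r}")
    for entry in provider["attributesMap"]:
        if set(entry) != {"idpAttr", "userAttr"}:
            raise ValueError("attributesMap entries must contain exactly idpAttr and userAttr")


def audit_provider(provider: dict, max_window: int = MAX_VALIDATION_WINDOW) -> List[str]:
    """Defender-side review of one provider record; returns a list of findings."""
    findings: List[str] = []
    window = provider.get("validationWindow", 0)
    if window > max_window:
        findings.append(f"validationWindow {window} exceeds the allowed maximum {max_window}")
    if not provider.get("attributesMap"):
        findings.append("attributesMap is empty: nothing binds the IdP identity to a user")
    return findings


# Constructed offline transport that replays the documentation's sample response.
SAMPLE_PROVIDER = {
    "idpType": "AWS", "id": 16, "name": "AWS STS", "description": "Get caller identity",
    "attributesMap": [{"idpAttr": "UserId", "userAttr": "ns9p06xsanb66e1opszl"}],
    "validationWindow": 99999, "maxDuration": 5,
}


def make_fake_transport(log: list) -> Transport:
    def transport(method, url, headers, body):
        log.append((method, url, body))
        return (200, "") if method == "DELETE" else (200, json.dumps(SAMPLE_PROVIDER))
    return transport


def demo() -> Tuple[list, List[str]]:
    """Create a provider offline, audit what the API echoed back, return (request log, findings)."""
    log: list = []
    client = WorkloadIdpClient("https://example.invalid", "REDACTED", make_fake_transport(log))
    created = client.create_identity_provider(SAMPLE_PROVIDER)
    client.delete_identity_provider(created["id"])
    return log, audit_provider(created)
```

Running demo() sends a POST and a DELETE through the fake transport and reports that the sample provider's validationWindow of 99999 exceeds the assumed threshold; the same audit_provider function can be run over every record returned by the list endpoint to spot providers whose acceptance window is wider than policy allows or that map no IdP attribute to a user.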