POST — Register identity provider

Required capability: identity_providers.manage

Register a federated OIDC identity provider for an enterprise. Supply either discovery_mode=oidc_discovery together with issuer_uri, or discovery_mode=static_jwks together with static_jwks or jwks_uri.

Request

Request URL

POST
POST /identity-providers

Request Body

application/json
{
  "allowed_clock_skew_seconds": 30,
  "auto_jit_provision": false,
  "claim_mapping": {
    "display_name": "name",
    "email": "email",
    "external_subject": "sub",
    "family_name": "family_name",
    "given_name": "given_name"
  },
  "client_id": "my-oidc-client-id",
  "client_secret_ref": null,
  "discovery_mode": "oidc_discovery",
  "issuer_uri": "https://accounts.google.com",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "protocol": "oidc",
  "scope_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b"
}

Responses

Response

application/json
{
  "allowed_clock_skew_seconds": 30,
  "auto_jit_provision": false,
  "claim_mapping": {
    "display_name": "name",
    "email": "email",
    "external_subject": "sub",
    "family_name": "family_name",
    "given_name": "given_name"
  },
  "client_id": "my-oidc-client-id",
  "client_secret_ref": null,
  "created_at": "2026-05-01T10:00:00Z",
  "discovery_mode": "oidc_discovery",
  "etag": "W/\"a1b2c3d4\"",
  "id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "issuer_uri": "https://accounts.google.com",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "protocol": "oidc",
  "resource": "identity_provider",
  "scope_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "static_jwks": null,
  "status": "active",
  "updated_at": "2026-05-01T10:00:00Z"
}

Resource created successfully.