# Register identity provider

Source: https://business-api-docs.youhodler.com/docs/api/reference/identity-providers/identity-providers-create

Register a federated OIDC identity provider for an enterprise. Supply either `discovery_mode=oidc_discovery` plus `issuer_uri`, or `discovery_mode=static_jwks` plus `static_jwks`/`jwks_uri`.

## Request

**Request URL — POST**
```http
POST /identity-providers
```

**Request Body — application/json**
```json
{
  "allowed_clock_skew_seconds": 30,
  "auto_jit_provision": false,
  "claim_mapping": {
    "display_name": "name",
    "email": "email",
    "external_subject": "sub",
    "family_name": "family_name",
    "given_name": "given_name"
  },
  "client_id": "my-oidc-client-id",
  "client_secret_ref": null,
  "discovery_mode": "oidc_discovery",
  "issuer_uri": "https://accounts.google.com",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "protocol": "oidc",
  "scope_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b"
}
```
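A pre-flight check a caller could run on the request body before sending it, shown as an added example that is not part of the API or its documentation. It enforces the discovery-mode rule stated above and the OIDC requirement that the issuer and `jwks_uri` use https. Assumptions: `static_jwks` is a standard JWK Set (`{"keys": [...]}`), the clock-skew ceiling and the `sub`-only subject mapping are local policy choices, and all function and constant names are hypothetical.

```python
from urllib.parse import urlsplit

PRIVATE_JWK_PARAMS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
MAX_SKEW_SECONDS = 120  # assumption: local policy ceiling, not a documented API limit

def _is_https(value, allow_query=True):
    """True for an absolute https URL with a host (optionally barring query/fragment)."""
    if not isinstance(value, str):
        return False
    u = urlsplit(value)
    plain = allow_query or not (u.query or u.fragment)
    return u.scheme == "https" and bool(u.hostname) and plain

def check_idp_payload(body):
    """Return a list of findings; an empty list means the payload passes."""
    out = []
    mode = body.get("discovery_mode")
    jwks, jwks_uri = body.get("static_jwks"), body.get("jwks_uri")
    if mode == "oidc_discovery":
        # OIDC issuer identifiers are https URLs without query or fragment.
        if not _is_https(body.get("issuer_uri"), allow_query=False):
            out.append("issuer_uri must be an https URL without query or fragment")
    elif mode == "static_jwks":
        if not jwks and not jwks_uri:
            out.append("static_jwks mode needs static_jwks or jwks_uri")
    else:
        out.append(f"unsupported discovery_mode {mode!r}")
    if jwks_uri is not None and not _is_https(jwks_uri):
        out.append("jwks_uri must be an https URL")
    # Assumption: static_jwks is a JWK Set; verification keys must be public only.
    for key in (jwks.get("keys", []) if isinstance(jwks, dict) else []):
        leaked = sorted(PRIVATE_JWK_PARAMS.intersection(key))
        if leaked:
            out.append(f"key {key.get('kid', '?')} carries private params {leaked}")
    # Local policy (assumption): identify users by the stable `sub` claim only.
    if body.get("claim_mapping", {}).get("external_subject") != "sub":
        out.append("external_subject should map to 'sub'")
    skew = body.get("allowed_clock_skew_seconds", 0)
    if not isinstance(skew, int) or not 0 <= skew <= MAX_SKEW_SECONDS:
        out.append(f"allowed_clock_skew_seconds outside 0..{MAX_SKEW_SECONDS}")
    return out

# Constructed sample: static_jwks mode with a private RSA exponent left in the key.
BAD = {"discovery_mode": "static_jwks", "jwks_uri": "http://idp.example/jwks",
       "static_jwks": {"keys": [{"kty": "RSA", "kid": "k1", "n": "AA", "e": "AQAB", "d": "AA"}]},
       "claim_mapping": {"external_subject": "email"}, "allowed_clock_skew_seconds": 600}

if __name__ == "__main__":
    print("\n".join(check_idp_payload(BAD)))
```

The request body shown above passes with no findings; the constructed `BAD` payload yields four.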

## Responses

**201 Resource created successfully**

```json
{
  "allowed_clock_skew_seconds": 30,
  "auto_jit_provision": false,
  "claim_mapping": {
    "display_name": "name",
    "email": "email",
    "external_subject": "sub",
    "family_name": "family_name",
    "given_name": "given_name"
  },
  "client_id": "my-oidc-client-id",
  "client_secret_ref": null,
  "created_at": "2026-05-01T10:00:00Z",
  "discovery_mode": "oidc_discovery",
  "etag": "W/\"a1b2c3d4\"",
  "id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "issuer_uri": "https://accounts.google.com",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "protocol": "oidc",
  "resource": "identity_provider",
  "scope_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "static_jwks": null,
  "status": "active",
  "updated_at": "2026-05-01T10:00:00Z"
}
```

**400 Invalid request payload**

Invalid request payload, query, or parameter shape.

```json
{
  "code": "invalid_request",
  "details": {
    "reason": "capability_scope_mismatch"
  },
  "message": "The request payload is invalid."
}
```

**401 Caller is not authenticated or the bearer token is invalid**

```json
{
  "code": "unauthorized",
  "message": "Authentication required."
}
```

**403 Caller lacks the required capability or permitted scope**

```json
{
  "code": "forbidden_capability_scope",
  "details": {
    "reason": "missing_capability"
  },
  "message": "Caller does not have the required capability for this operation."
}
```

**409 State conflict — the request cannot be applied to the current resource state**

```json
{
  "code": "idempotency_conflict",
  "details": {
    "reason": "key_payload_mismatch"
  },
  "message": "The idempotency key has already been used with different parameters."
}
```

**422 Operation is not admissible — it violates a business rule**

Operation is not admissible — it violates a business rule, policy constraint, or lifecycle precondition specific to this resource.

```json
{
  "code": "not_admissible",
  "details": {
    "reason": "not_admissible"
  },
  "message": "The operation is not admissible in the current state."
}
```

**429 Request rate limit exceeded**

Request rate limit exceeded. Retry after the delay indicated in the `details.retry_after_ms` field.

```json
{
  "code": "rate_limited",
  "details": {
    "retry_after_ms": 5000
  },
  "message": "Too many requests."
}
```

**502 Upstream service returned an unexpected error**

```json
{
  "code": "upstream_error",
  "message": "An upstream service returned an unexpected error."
}
```

**503 Service is temporarily unavailable**

Service is temporarily unavailable; retry with backoff.

```json
{
  "code": "temporarily_unavailable",
  "details": {
    "reason": "federation_discovery_failed"
  },
  "message": "The service is temporarily unavailable; please retry with backoff."
}
```

**Related endpoints:**

- `GET` [Get identity provider](/docs/api/reference/identity-providers/identity-providers-get) — Read the created provider
- `POST` [Create user](/docs/api/reference/users/users-create) — Create federated users
